Smart Wearables

Wear them. Don’t let them undress you.

Smart Wearables, also called simply "Wearables", whose name is derived from the English term "Wearable Computing Device", are small computer systems that can be worn directly on the body. Wearables belong to the category of “smart devices” because they can be networked with other devices via the Internet or other data transmission technologies.

The most popular wearables are

  • Fitness or Activity Tracker
  • Smart Watches, which generally combine the applications of a Fitness Tracker and other functions
  • Smart Headsets (smart headphones)
  • Smart clothes and glasses are less common

Main risks

Artboard 2

Data leak

Can do as much damage as a water leak…

Data leak

Wearables transfer data to a smartphone via Bluetooth or NFC interfaces, then an associated application evaluates the data, prepares it graphically and displays it. Cloud services or “companion devices”, such as smartphones, tablets or PCs to which wearables are connected, are used as temporary storage. If the transmission and storage are not encrypted, there is also a risk of manipulation and espionage during data transmission. By their very nature, wearables collect a large amount of data on our daily habits, our movements, our physical performance… All this sensitive data can be subject to malicious use.
Artboard 1

Diversion

An army of robots who want to harm us…

Diversion

Connected objects can also be objects of attacks that do not target them directly, but aim to turn them into "zombies" to form networks of remotely controlled "botnet" robots. These botnets are generally used to launch denial of service attacks (DDOS - Distributed Denial of Service). In case attackers manage to take control enough IoT devices to form a botnet, they can activate them simultaneously to generate an intense artificial data flow and overload networks. This results in the unavailability of information networks or systems, sometimes vital for individuals, companies or communities.
Artboard 4

Tracking

You cannot hide…

Tracking

Wearables being by definition worn by their owner, they record all their movements if they are equipped with GPS. Diverted from their initial function, they can spy on us or disclose sensitive data concerning us (physical condition, movements, eating habits, etc.). The data recorded by these connected objects may, for example, be of interest to insurers who could use it without your knowledge to increase your insurance premiums if they believe that you are behaving at risk or in poor health.

Protection tips

Artboard 1

Password

0000 is null for the password...

Password

The first precaution to take is to ensure a high level of password complexity. A password must contain a mixture of upper- and lowercase letters, numbers and special characters. You can test the strength of your password through free tools such as https://howsecureismypassword.net/. Default accounts of most connected objects are generally known and appear in public documentation. It is, therefore, very easy for an attacker to test these front doors in an attempt to take control of an IoT. When first accessing the configuration settings of the IoT device, it is advisable to create your personal administrator account and then delete the default accounts. This way, attacks on these easy targets can be prevented. The connected companion device should also be secured with a strong password and be protected like any mobile device. This also applies to secure the Wi-Fi network used.
Artboard 2

Network

Close the front door...

Network

To be able to offer the wearables their functions, personal data is collected through their corresponding applications. If unauthorised third parties gain access to this data, they can get a lot of information, if not almost everything about the user (depending on the volume and nature of the data) and could use that knowledge for bad purposes. The possible gateways to a wearable’s system and the data stored therein represent security holes in the application software or the operating system of these smart mini-computers. When paired with your smartphone, the wearable can access smartphone data and functions, such as location, contacts or phone status. Wearable’s access permissions to companion device data must, therefore, always be checked and deactivated - if necessary. Conversely, access to wearable data via companion device applications should only be authorised if necessary. An attacker could exploit this, for example, to gain control of the wearable. If a hacked wearable has extended rights to control another device to which it is connected, such as a smartphone, the attacker can also use these rights to take control of the latter. Regular monitoring of the local area network (Wi-Fi), connected devices and their activity will also help detect possible problems and close doors when they are no longer in use. Some good practices:
  • If the object does not have a protection option via a password or a PIN code, it must be stored and kept in a secure place when not worn on the body.
  • If possible, data encryption should be enabled.
  • Regular monitoring of the local network (Wi-Fi), connected devices and their activity will also detect possible problems and close doors when they are no longer in use
Artboard 10

Before purchasing your devices, do your research.

« Clever Akafen »

Before purchasing your devices, do your research.

Before using or purchasing a wearable, users should check the following points and, if possible, configure the settings themselves for added security. The initial pairing of wearables with companion devices must take place in a trusted environment, for example at your home. In this way, it is possible to prevent sensitive information which is to be exchanged during the initial connection from being intercepted, for example during the exchange of passwords.
Artboard 7

Regular updates

Patch, Patch, Patch…

Regular updates

One of the major issues is a common suspect in cybersecurity: failing to install software updates ("patches"). It is particularly important to use the patches provided by the suppliers. This is especially important for connected objects which are -by definition- permanently exposed to potential attacks. When updates are available for the wearable, they should be installed immediately. If there is an automated update feature, it should be enabled. Please note: with each update, modifications may be made to the structure of authorisations. Check permissions after each update and readjust if necessary.
Artboard 11

Device deactivation

Because an oversight can become a flaw…

Device deactivation

Any IoT device integrated into the network has potential flaws and vulnerabilities. A device that is not in use may also be forgotten in inventory or security updates. Therefore, do not hesitate to deactivate any device that is not in use.
Artboard 12

Disposal

Because everything has an end…

Disposal

In case of prolonged non-use or obsolescence, IoT devices should be removed from the network and be disposed of. IoT devices often have a memory that stores information or configurations that reveal aspects related to the security of your network. Do not forget to delete this data from the devices.
Artboard 6

Contract

Dura lex sed lex…

Contract

As with any contract, careful reading is required. The general conditions of use of a connected object can be long and complex, but they are not trivial because they legally bind their users.