If you’ve been to a music festival recently, you may have noticed something convenient about your wristband. Sure, it serves its main purpose of getting you into the event, but with recent technology, it now has the capability to do quite a bit more.
Take for instance Austin City Limits music festival, which took place last weekend and will run again this coming weekend here in Austin. Festival-goers have the opportunity to load their credit card information onto their wristband either online or via the mobile app to alleviate digging around in their bag or wallet in the middle of a busy crowd. Simply hold the chip in your wristband up to the POS reader on the vendor’s iPad and voila! You’ve paid for your drink, snack, or souvenir.
Sounds convenient, right? But consider this: As you exit the festival, there are people lined up, eager to buy your wristband from you. Sell it, and it won’t take much for the person to gain access to the personal information associated with the wristband and your credit card info. It would just be a matter of cracking your four-digit pin that you had set up when registering your wristband.
This is just one case to consider, which opens up a broader discussion around what we may be sacrificing from a security perspective in the era of wearables and the Internet of Things.
Wearables, particularly fitness bands, have taken off in the past few years. PwC recently reported that more than 20 percent of U.S. adults already own at least one wearable, and that there will be as many as 50 billion new connected devices by 2020. What users may not realize is that wearable tech creates a new opportunity for a massive quantity of private data to be collected – with or without the user’s knowledge.
Symantic threat researcher Candid Wueest recently shared with Wired that it’s not so much about the level of danger people put themselves in wearing wearable devices, but more about the fact that at this point, developers are not prioritizing security and privacy. From his research, Wueest found that some devices sent data to a staggering 14 IP addresses. During his demonstration at Black Hat, Wueest identified six Jawbone and Fitbit users in the audience, showing how easy it was to find users’ locations, and specific details down to the time they left or entered the room.
But is it the wearable itself that poses the actual security threat? Gary Davis of Intel has explained (and we agree), that the weakest link is actually a user’s mobile phone, not the wearable itself. Most wearables link to your mobile phone, which, in comparison to the wearable device, hosts an exponentially greater amount of data, making it an irresistible target for hackers.
Before you cancel your order on that new fancy fitness tracker, keep this in mind: There are a number of simple, common sense steps you can take in order to protect your data. Consider buying a wearable that comes equipped with remote-lock capabilities, so that you can lock or erase its data if it is stolen. Also, as always, use a password to protect your device, use biometric authentication whenever possible, and keep an eye on user reviews online.
Stay tuned to the blog for more cybersecurity news throughout National Cyber Security Awareness Month. Share your thoughts with us on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.