Expert warns over wearable tech data security

Written by Peter Walker
14/03/2019

Personal data security is being put at risk as companies race to create wearable device-optimised versions of their apps, according to one expert.

Mike Lynch, chief strategy officer at mobile device security firm InAuth, told National Technology News that while things like smart watches can offer useful insight, convenience and accessibility, with any new technology that collects consumer information, there is a potential for fraud if the right security measures are not in place.

“Potential data compromise threats range from people’s activity metrics, such as their walking paths or running speeds, to access to their location, contacts, camera and personal data - age, height, weight, and gender - and potential access to financial information if a consumer is using an unprotected wearable device to make payments,” he stated, adding: “Such behaviour is precisely why organisations must make security at the device-level a top concern.”

In January, Fossil Group agreed to sell intellectual property related to its smartwatch technology to Google for $40 million.

The watch manufacturer said that in recent years smartwatches have become its fastest growing category, with launched so far, including integrations with Google Pay and health apps suitable for iPhone and Android smartphones.

The deal is the latest in the race among tech giants to tap into this market, which industry experts expect to be worth $57 billion by 2022.

Lynch suggested that to protect paired mobile devices from point-of-entry attacks that originate from a wearable’s application, manufacturers should implement authentication protocols that leverage biometric technology, versus an ID and password combination, which is more easily compromised in mass breaches and susceptible to phishing.

“Manufacturers that create mobile or online applications for wearables should also invest in digital authentication and fraud prevention solutions to protect consumer information,” he argued, urging the strongest level of identity verification.

While companies need to take responsibility, Lynch also took aim at the authorities for a lack of proper legislation and regulation.

“In the US at this time, there is no one specific regulatory framework for the wearable technology industry for manufacturers,” he explained. “However, depending on the application of the wearable or the data collected, certain regulations may apply for different verticals – for example, the current FTC act should be considered for consumer privacy, FFIEC guidelines for banking, FDA if the device is not used for ‘general wellness’ but rather for a physician tracking a patient, and HIPAA for healthcare.”

In the UK, at the end of January, business secretary Greg Clark announced new measures aimed at helping digital device manufacturers ‘design out’ some of the most damaging cyber security threats.

Part of the funding for the initiative to ‘bake in’ cyber defence technology to digital devices will come from the £70 million Industrial Strategy Challenge Fund and will be backed by further investment from industry.

A further £30 million of government investment will be focused on ensuring smart systems and connected devices are safe and secure. There are expected to be more than 420 million such devices in use across the UK within the next three years.