Do You Need Security For Your Wearables? 5 Ways Your Data May Be Vulnerable

April 2015: Wearables are amazing! They’re changing the way we go about our days and what we know about ourselves. But they’re also portals into our personal information. Security for wearables is a mindset: being aware that your favorite new device is an information gathering and sharing machine. So you need to pay attention to where you send and store that information.

Here are five ways your personal data from wearables may be vulnerable and what you can do to keep it secure:

1. Your data may be vulnerable because your phone’s Bluetooth is enabled.
Your wearable is great at gathering data and sending it someplace else — to your smartphone or the cloud — or for displaying data from your phone via Bluetooth. But when you keep Bluetooth on your device enabled, you’re also keeping a device portal open. Hackers who are nearby can “discover” and connect with your device without you knowing it. Once connected, they can do things like download your contacts, photos, SIM-card details or even take control of your device (bluesnarfing), listen in on your calls and texts (bluebugging), make international calls using your account and even send your device a corruption code that will make it unusable. Disable Bluetooth when you’re not using it and when you are using it, take it off discoverable mode.

2. Your data may be vulnerable when it’s stored on your mobile phone.
If the data that your wearable collects is stored on your smartphone, it can be susceptible to malware. While you may be using a perfectly legitimate health app, if that game you installed last year contains malware, your data could be collected without your knowing it. And when it’s combined with other data from your phone — financial, travel or personal identification data, for example —  your life can be a virtual open book. Use only pre-vetted apps from iTunes and now Google Play and get a good anti-malware app if you use an Android device.

3. Your data may be vulnerable when your device is trying to connect to public WiFi.
If you’re using Google Glass or another device that automatically attempts to connect to public WiFi, all the usual caveats apply. Hackers know this, of course, so they work hard to make their fake networks seem legit. Fortunately, some of the data that’s collected, such as your Google searches via Google Glass, are encrypted but tests show that plenty of data from wearables can be read as plain text when sent via public WiFi. As with any other type of computing, avoid public WiFi.

4. Your data may be vulnerable when there’s so much of it.
Tracking everything you do may help you fine-tune your life but it also drastically reduces your privacy and increases your vulnerability. It doesn’t take much imagination to figure out how sharing where you go, how long you stay, where you sleep, how fast you drive and all sorts of other data can have a potentially negative impact! It may not bother you when it comes to targeted ads in your social media news feeds but you might feel differently if the information affects the services you buy and what you pay for them, like insurance. Carefully consider what, exactly, you need to track and share.

5. Your data may be vulnerable when it’s not being used in the way you think it is.

No one likes to be duped. So if you’re using a marketing app that’s masquerading as a fitness app — or you’re using an app that doesn’t have the protections you’d expect — your wearable suddenly becomes much less awesome. Kaspersky reports that the FTC tested 43 fitness apps and discovered 23 percent of the free apps and 40 percent of the paid apps had no privacy policy at all. None. Which means data collectors can do what they want with it. In addition, 20 percent of the apps sold data to third parties (some developers admit insurance companies provide half their income) and only 10-13 percent had enabled data encryption. Read the small print! See the FTC’s list in TechRepublic to understand what type of data can be collected so you can make wise security and privacy decisions.

You may also be interested in: