Congratulations on getting that new wearable device over the holidays. You're on your way to a new, trackable, data-filled life.
Or you’re about to be hacked.
"Every digital technology, as its use has expanded, has drawn attention from hackers and criminals," says Stephen Cobb of ESET. "So if wearables get to the point where criminals can see a way to exploit them for gain, they will try to do that."
In his role as senior security researcher at ESET, Cobb says he hasn't seen that happen yet, but that doesn't mean it isn't on the horizon.
He points to a recent issue with VTech, which makes a wearable for kids. Its customer database, which includes the information of 5 million parents and 200,000 children, was recently compromised.
"Some of their toys took photographs and some of those photographs were shared on their back-end system," Cobb says. "In the case of a wearable, this could have location information, it could have health related information."
Some good news amid the dark: Consumers already have a healthy dose of skepticism about wearables. According to a study conducted by Auth0, 52 percent of consumers don't think that IoT devices have the necessary security that they need. So consumers are going to get into the wearable market already being on guard about the security of their device.
However, as the VTech breach shows and as Cobb predicts, it's not the devices themselves that are the weak link in the chain. It's the databases where that information being collected is stored.
"If somebody was going to target the data that a wearable company collected about its consumers, typically criminals are looking for a name, address, personally identifiable information," he says. They could do a wash of things with that information. Also, if they have location information that's updated in real time, they could be looking for when you're not home, which could make you a burglary target -- much like the earlier days of Facebook when criminals targeted people who were posting vacation pictures while still on vacation.
Most likely, Cobb says, companies will build the necessary security around their databases because otherwise they could face wrath of the Federal Trade Commission.
He stresses that consumers should do research on the companies that they're getting wearables from as well third-party apps that use the data, too, and to read their privacy policies to see what's being done with that data. If the app doesn't have one? Move onto another app.
The wearable workplace worry
If you're the CIO of a company that deals with sensitive information -- whether that's health information, company trade secrets, financial data, attorney-client privilege -- there could be legal repercussions for letting wearables into the workspace.
Sign up for Computerworld eNewsletters.