You’ve slept through the alarm clock and it’s already 7.30 am. As you realise there are 30 minutes left to brush yourself up, you decide to take a double coffee and get into the taxi not to be late for work. By that moment your smartwatch has already tracked you haven’t got enough of sleep, you have a rapid heart because of coffee and adrenalin rush because of fear to be late for work.
After that you come to your office, get some email notifications directly to your smartwatch, read messages on Facebook, check your calendar for the meetings. Then you decide to order some pizza for lunch, gain extra calories, then you go the gym after work and your wearable device tracks your heartbeat. After the hard-working day you come home and reset another alarm for tomorrow.
Do you follow the idea? It tracks. And it tracks everything. And all this data is stored in a cloud. So easily accessible and so vulnerable.
Now do you imagine what will happen if all that collected information is compromised?
If it happens you’ll have an increased pay for your health insurance, numerous SMS ads with discounts for taxi service, endless pizza special offers and even an antidepressant drugs promo!
ABI Research says that now there are more than 200 mln wearables according to their research. In 3 years (by 2018) their amount will increase up to 780 mln items! A nice opportunity for hackers to benefit from your private info.
The sword cuts both ways
Wearables may seem to be an expected evolution of a smartphone aimed at making our lives more simple and convenient, but they’re not in fact.
We’re living in the era of interconnected devices, with wearables among them. They first appeared as great assistants for health and sports industry. Today they’ve developed into a brand new trend emerging every year.
What’s the paradox about them?
In order to enable their functionality for 100% you’ll need to reveal the most private info ever.
The fact is that your pulse tracker, smartwatch, Jawbone not only tracks your location via satellites like our smartphones do. They can also tell your pulse, heartbeat rate and even level of oxygen in your blood! Guys from the University of Illinois concluded that hackers can know what you’re typing on your keyboard since wearables can guesses that.
So when you purchase a wearable device, do you assume that your information can face possible breach or your provider who receives it may use it for unknown purposes without your consent?
This simple accessory on your wrist can be a cause of the following events:
- the company you decided to reveal your private information to may stop existing in several years or merge with another company. But all the private data will be still collected on their servers. What will happen to it? We bet you know.
- the company may go bankrupt. And your data is still there. You’ll never know what happens to it. Very likely they’ll just sell it.
- not only personal information (location, blood pressure, temperature etc.) can be disclosed. Users connect their wearables to devices containing corporate operational info that is extremely sensitive to breaches.
Can the data be deleted?
Rather no. Due to the interconnected nature of devices, it’s hard to imagine removing some piece of information from your device since it has already been synchronized with another one.
The apps just seem to be free
Do you have Google Maps? Swarm? Instagram? You get great service and functionality and think how great to use them for free … but it’s not really so.
The producing companies get your info in exchange. Some experts even suggest that in the near future we won’t pay money for app at all, there will be another currency – information we reveal.
Take Swarm for example. You can identify your location, look for nearby restaurants, leave ratings, read feedbacks. Great amount of job had been done to make it all possible. And it’s all for free. But while you’re having fun with the app, the producers collect your preferences, places you often attend, food you find delicious and even people you’re accompanied. After that they can sell you something. That’s how the info can be used.
Another weak point is the smartphone, because the smartwatch is managed by mobile devices.
In fact, your information can be stolen together with your mobile device, since they come first to be connected to your wearable. In terms of our favourite holy war iOS vs Android, Karhrman Ziegenbein, CEO of Toonari Corp, said:
The Android devices are much worse than the Apple device. There are much more things the Android apps have access to. For us it’s not as regulated as you have it with Apple. That’s why you have more challenges. It’s nice because you can do more things with it.
Who is in charge to regulate: the manufacturer or the government?
After downloading another app, there’s a popup asking to accept their terms and conditions in order to proceed. Have you read them up to the end at least once in your life? We bet you didn’t. We’re too lazy for such staff.
Damien Mehers, the developer of Evernote app and Samsung Galaxy Gear once said:
Especially with the fitness [devices], if you read the license agreements, if people really realized what they are signing up for, they might be horrified at what they’re allowing the companies to do with the data. I think there needs to be more clarity and perspective from the user.
This has caused the US Federal Trade Commision to provide a report called “Data Brokers, A Call for Transparency and Accountability” to Congress in 2014. They claimed to inform users on what kind of information is collected, who collects this info and how it is used.
The types of data that can be collected (according to the report):
- ID: name, address, Social Security number, driver’s licence.
- Demographic: language, age, gender.
- Social media: number of subscribers on Facebook or Twitter, your influence and behaviour within the networks, preferences of content.
- Personal interests: taking some kind of sport, attendance of events and their types, internet subscription for news resources, info on pets, playlist, favourite movies, food, drinks.
- Purchasing: how much, how often you buy, what and where. If you buy any over-size clothes or shoes with corrective insole. Your payment details: credit or cash. Check if you purchase any guns or ammunition. Delivery address details.
- Travelling preferences: ability to afford travelling abroad, destinations you enjoy, if you travel alone or with family or friends, number of vacations you take per year.
- Driving: how often you take a taxi, do you own a car, your driving license, brand preferences.
- Health: smoking, extra weight, poor eyesight, dietary supplements, allergy.
So it may only seem that apps get only relevant info on location or amount of steps you did through the day.
That’s why manufacturers don’t develop apps for wearables on their own, but outsource them to specialised companies that can provide an app with necessary built-in security solution.
Another point development houses suffer from is that it’s impossible to check if all their app’s users regularly update the app and protect their information with the latest solution.
Any Compromise?
Chances are high you buy some wearable device (even acknowledging all the risks) if the possible benefits you get are higher than your concerns. We don’t put google glasses on the list, because many experts predict people won’t like to use them since the privacy level of info revealed there is much higher.
It’s up to the consumer to determine the level of risk they’re willing to take versus the benefit they get from their wearable devices. Finally, if someone will want to steal some data, it’s not that hard and the servers where it is usually stored can be easily hacked.
Sonny Vu, founder of Misfit Wearables once concluded:
Giving up a degree of privacy is a price to be paid for using a wearable device.
And now the question: Would that stop you from buying a wearable?
