Mobile Finance Blog

Finance Blogs » Mobile Finance » Trendy ‘wearables’ a hacking risk?

Trendy ‘wearables’ a hacking risk?

By Claes Bell, CFA · Bankrate.com
Thursday, July 3, 2014
Posted: 1 pm ET

Wearable electronics, such as "smart watches," fitness bracelets and, of course, Google Glass, are all the rage right now. But as usual, the technology may be moving faster than users' ability to understand and deal with the potential risks.

mobile-blog-smartphone-app-transfer-wearable-watch

Wearable devices work by establishing a link to a smartphone (or other device) via a Bluetooth connection, the same type of connection that allows you to gab on your phone through a wireless headset.

The problem? Bluetooth connections can sometimes be easy pickings for hackers looking to snoop around in your device or listen in on your transmissions, says Kayvan Alikhani, senior director of technology at RSA, the security division of EMC, a business information technology firm.

Alikhani says that Bluetooth is vulnerable to two main types of attack:

  • Intrusions into your phone or mobile device, where a hacker is able to gain entry to information stored on your device by connecting to it without your knowledge. These attacks can typically yield contact lists and other sensitive information culled from your phone's memory.
  • "Man in the middle" attacks, where a hacker is able to listen in on the communications between your phone and a wearable device.

While most people probably don't keep too much financial information on their phones, it seems likely identity thieves could mine phones for addresses, phone numbers and other useful information.

Thieves can also gain valuable information about a user's device for a subsequent attack, Alikhani says, as well as pictures, videos and text messages.

"I would put it on par with Wi-Fi, with the same level of communication risk," Alikhani says. "However, in Bluetooth, because it's not as commonly used as Wi-Fi, the vulnerability is that people are not as aware."

Risk varies from device to device

Because convenience and security are often at odds when it comes to establishing connections between devices, the security of Bluetooth connections can vary widely.

"Like any communication protocol, there are good implementations and bad implementations," Alikhani says.

For instance, iPhones are only "discoverable" by other Bluetooth devices when users are actually in the phone's Bluetooth menu. Some Android phones, on the other hand, can be configured to be discoverable by default, which may open them to attack.

In the same way, some wearable devices may have a more secure connection with phones than others, Alikhani says.

So what's a user to do?

The United States Computer Emergency Readiness Team has these tips for protecting yourself from Bluetooth device attacks.

  • Disable Bluetooth when you're not using it.
  • Use Bluetooth in hidden, rather than discoverable mode when possible.
  • Be careful where you do your device paring, which is when Bluetooth-enabled devices are at their most vulnerable. Pairing in a public place could be risky.
  • Learn and use your device's security settings. If your device offers encrypted Bluetooth connections, you want to take advantage of that.

It also seems likely that if wearables catch on in a big way, awareness of the security risks, and the technology for dealing with it, will eventually catch up.

What do you think? Do you use wearable devices? Would you?

Follow me on Twitter: @claesbell.

«
»
Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
2 Comments
Star Martin
July 07, 2014 at 11:47 pm

Most people are in their own world when running with their
ear phones / plugs. Please remember that you are at
a big disadvantage while wearing these devices for you are
unaware of others. A person can run up right next to you.
You might think " OK, fellow runner" and not pay anymore attention to them. You can be deadly wrong.
This is when people get mugged, rapped and possibly followed
to see where you live and return later. Be careful
out there exorcising it isn't worth risking your life.

Joseph Medvedov
July 07, 2014 at 1:05 pm

Why wouldn't you warn people that any distraction in public is a hazard. Texting and driving and walking. Listening to or playing with any device in public should be discouraged because no one is safe when they are distracted. You may not care what happens to yourself but think about how you can have a negative influence on the lives of innocent bystanders.

Add a comment

(Comments may take 5-10 minutes to appear)