Wearable electronics, such as "smart watches," fitness bracelets and, of course, Google Glass, are all the rage right now. But as usual, the technology may be moving faster than users' ability to understand and deal with the potential risks.
Wearable devices work by establishing a link to a smartphone (or other device) via a Bluetooth connection, the same type of connection that allows you to gab on your phone through a wireless headset.
The problem? Bluetooth connections can sometimes be easy pickings for hackers looking to snoop around in your device or listen in on your transmissions, says Kayvan Alikhani, senior director of technology at RSA, the security division of EMC, a business information technology firm.
Alikhani says that Bluetooth is vulnerable to two main types of attack:
- Intrusions into your phone or mobile device, where a hacker is able to gain entry to information stored on your device by connecting to it without your knowledge. These attacks can typically yield contact lists and other sensitive information culled from your phone's memory.
- "Man in the middle" attacks, where a hacker is able to listen in on the communications between your phone and a wearable device.
While most people probably don't keep too much financial information on their phones, it seems likely identity thieves could mine phones for addresses, phone numbers and other useful information.
Thieves can also gain valuable information about a user's device for a subsequent attack, Alikhani says, as well as pictures, videos and text messages.
"I would put it on par with Wi-Fi, with the same level of communication risk," Alikhani says. "However, in Bluetooth, because it's not as commonly used as Wi-Fi, the vulnerability is that people are not as aware."
Risk varies from device to device
Because convenience and security are often at odds when it comes to establishing connections between devices, the security of Bluetooth connections can vary widely.
"Like any communication protocol, there are good implementations and bad implementations," Alikhani says.
For instance, iPhones are only "discoverable" by other Bluetooth devices when users are actually in the phone's Bluetooth menu. Some Android phones, on the other hand, can be configured to be discoverable by default, which may open them to attack.
In the same way, some wearable devices may have a more secure connection with phones than others, Alikhani says.
So what's a user to do?
The United States Computer Emergency Readiness Team has these tips for protecting yourself from Bluetooth device attacks.
- Disable Bluetooth when you're not using it.
- Use Bluetooth in hidden, rather than discoverable mode when possible.
- Be careful where you do your device paring, which is when Bluetooth-enabled devices are at their most vulnerable. Pairing in a public place could be risky.
- Learn and use your device's security settings. If your device offers encrypted Bluetooth connections, you want to take advantage of that.
It also seems likely that if wearables catch on in a big way, awareness of the security risks, and the technology for dealing with it, will eventually catch up.
What do you think? Do you use wearable devices? Would you?
Follow me on Twitter: @claesbell.