Wearable devices include smart glasses and headgear, smart watches, fitness trackers, wearable medical devices and smart clothing and accessories. The last two years have seen an exponential growth in the use of wearables; a study by IDC has predicted that by 2019, there will be 780 million wearable devices in commercial use.
As personal and corporate consumer usage increases and we realise the benefits, we should also understand the threat to privacy, security and the ethical implications surrounding wearable devices.
An example in the workplace is how wearables can help with employee authentication to information and buildings, and also increase productivity. A study by Rackspace showed that the productivity of employees using wearables at work increased by 8.5 percent, and that they were also 3.5 percent more satisfied with their jobs. However, these wearable devices are innovative products and not typically developed with ‘security by design’ in mind.
It is important therefore for organisations and individuals to consider the security implications of wearables. Where is all my information stored? Who has access to it? How will it be used? With the unprecedented advancements in technology such as the Internet of Things (IoT), mobile apps (the Apple Store is predicted to hit 5 million apps by 2020) and indeed wearables, vast quantities of data are being produced and the challenge is how to control where information is ending up. Data stolen from such wearable devices has become readily available to be sold on the Darknet to wider audiences, including competitor companies and nation states.
The security limitations of wearables have already raised privacy and ethical concerns. Many wearables use Bluetooth connectivity: a wireless short range technology, across which data is exchanged. Bluetooth relies on ‘frequency hopping’ whereby several devices will be transmitting signal across the same frequency at the same time. Signal interception by cyber criminals poses a huge and growing threat to business networks. It has recently been revealed that seven major fitness trackers such as a Fitbit can leak data, even after Bluetooth connectivity has been turned off. These pitfalls therefore increase the cyber vulnerability of wearable devices, as hackers are more easily able to steal confidential information, across these unencrypted feeds.
Infections from malware also pose a major threat to wearables. Market leading products, including Fitbit and Apple Watches, are vulnerable to suffering an attack by malware. In October 2015, Fortinet claimed that Fitbits could be hacked into in a matter of seconds and infected with malware. Furthermore, use of an Apple Watch could transfer personal information, through microphone breaches, if injected with malware. The sound produced by inputting passwords could be recorded and listened to by hackers. The hackers could then use mathematical algorithms to crack passwords with ‘80 per cent accuracy on first try ‘.
Smart wearables can be the unapparent weak link that results in e-commerce and network shutdowns. Infected wearables can lead to networks becoming overrun by malware taking a business facility offline for a few hours, or even weeks, which would negatively impact upon customer service and business reputation. These attacks are known as DDOS attacks (Distributed Denial of Service).
With 1 in 10 employees predicted to possess a wearable in the workplace by 2019 (ABI Research from McAfee Labs Report, 2016 Threats Predictions), the wearable marketplace will continue to grow and develop, and businesses will need to embrace this contemporary consumer trend whilst protecting themselves and their employees. Wearables can pose a significant threat to an organisation’s privacy, if there is no guidance and monitoring in place.
To manage potential risk, businesses will need to adapt both their culture and policies. In dealing with an attack or ‘near miss’ via a wearable, companies should adopt the same approach as dealing with any cyber security breach. The company policies should be updated to reflect these new technologies and limit the organisation’s liability by making sure the user is aware of their cyber implications and responsibility. A combination of technical safeguards, education and strong internal training will ultimately help to reduce any negative consequences that may arise from cyber-attacks.
It is imperative that businesses and their employees recognise the benefits, but equally risks and potential vulnerabilities, of allowing wearables within the workplace.
 ‘McAfee Labs: 2016 Threat Predictions’ (October 2015)
 ‘Human Cloud at Work: A study into the impact of wearable technologies on the workplace.’ (2014) Taken from a quantitative study by Dr. Chris Brauer (Goldsmiths) of 300 individuals over the course of two years.
 Darknet: refers to networks that cannot be found by search engines like Yahoo, Google or Bing. They can only be accessed by specific software or authorisation.
 ‘Every step you fake: A Comparative Analysis of Fitness Tracker Privacy and Security’ by University of Toronto’s Citizen Lab and Open Effect (2016): https://openeffect.ca/reports/Every_Step_You_Fake.pdf
 Malware: a term used to describe software which can attack and infiltrate a computer without the user’s consent.
 Quote from Yan Wang, (Binghamton University) – http://zeenews.india.com/business/news/technology/beware-your-smartwatch-can-reveal-your-atm-pin_1904665.html)