I know a number of people who wear fitness trackers or other wearable devices because their employers’ health insurance either offers incentives for doing so or, in at least one case, requires they wear them.
In any case, wearables and apps that monitor our health have entered the workplace. Perhaps your company is one of those that use such a device or app. If so, what is being done to protect the data transmitted via these devices and apps? While this may seem more like an HR issue for now, the management of wearable devices needs to transfer to the IT and security departments (if it hasn’t already). The reason is simple: Employees are worried about security and privacy. According to a survey by Healthline, nearly half of respondents (45 percent) expressed serious concern about hackers gaining access to their medical information, and that concern is spread over a variety of devices.
Privacy and security of medical apps and fitness devices isn’t the only concern involving wearables. New research from Symantec on the history of ransomware reported that wearables are going to be the next big target. In the past year, we’ve seen how the developers of ransomware have stepped up their game to attack computers and mobile devices. As the Symantec blog pointed out, because ransomware is already on Android smartphones, it only goes to follow that it will make its way to wearables, especially if the wearable is paired with an infected phone:
As the smartwatch was paired with the phone, the ransomware was also pushed onto the smartwatch. Once installed on the smartwatch, the malware could be executed by the user if they were tricked into running it, thinking it was a useful app.
After the ransomware was executed, it caused the smartwatch to become generally unusable. Simplocker has a routine that checks for the display of the ransom message every second, and if it is not shown, it will push it onto the screen again. This activity prevented us from using the device. Simplocker also encrypted a range of different files stored on the smartwatch’s SD card.
While ransomware for wearables isn’t out in the wild yet, you and I both know that it is only a matter of time. On the plus side, this gives IT departments the opportunity to get ahead of the problem with security policies and procedures specifically for wearables.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba