Wearable Technology: Be Smart with your Smartwatch

Electronic devices designed to be worn on the body as accessories or implants, as well as integrated into clothing, are considered “wearable technology.” What began as simple tools, like medical sensors and watches, have evolved into a massive ecosystem of smart devices woven into our daily lives. Wearable tech now includes smartwatches, jewelry, AR/VR glasses and clothing. New wearable technology products are being developed constantly.

These devices fall under the broader category of the “Internet of Things” (IoT), which includes any device that has online connectivity, and these gadgets are rapidly growing in adoption. With an estimated 75+ billion connected devices currently in use worldwide, wearable technology (also known as “wearables”) play a major role in health, productivity, entertainment and workplace efficiency.

As the use of these devices grows globally, so too does the amount of our personal identifiable information (PII) collected by these devices. Your location, health metrics, movement patterns, behavioral data and even biometric information are often stored and transmitted online. This vast digital footprint creates a valuable target for cybercriminals. Check out our most recent newsletter on IoT safety, then read the tips below to know the risks of wearable technology and how you can stay safe while benefiting from these innovative products.

What are the Dangers of Wearable Technology?

Weak or unsecured wireless connections

• Wearables frequently use Bluetooth technology, Wi-Fi, near field communications (NFC) and proprietary wireless protocols. These communication channels can be exploited if they are not secured with strong encryption.
• Attackers can use tactics like ‘Bluetooth sniffing,’ ‘man in the middle’ attacks, or unauthorized pairing to intercept your data or give malicious commands.

Data collection and privacy risks

• Wearables gather and store large amounts of sensitive data.
• If this data is stolen, intercepted or sold without your consent, it leaves you open to fraud, blackmail and scams.
• A company may unknowingly expose users’ information if their data is breached, especially since data is often shared with third-party apps.

Unsecured or outdated software

• Wearables commonly lack robust update mechanisms, meaning that critical security patches may be delayed or unavailable. Some devices stop receiving updates soon after launch if they do not remain popular, leaving vulnerabilities unpatched and a backdoor for attackers to get onto your network.
• Outdated firmware can allow attackers to exploit documented weaknesses.
• A device that is not regularly updated becomes increasingly vulnerable the longer it remains in use.

How to Secure Wearable Tech

Enable multifactor authentication (MFA).

• Most wearables rely on companion apps or cloud accounts to store data, sync activity and manage device settings.
• Enabling MFA adds an extra layer of protection beyond just a password.
• Even if someone gets access to your credentials, they will not be able to access your account without the second verification step, such as text message code or biometric confirmation.
• This quick step is one of the simplest but most effective ways to prevent unauthorized access to your data.

Review data sharing and privacy settings.

• Reviewing your device’s privacy settings helps you understand what data is being collected, where it’s stored and who has access to it.
• Limiting permissions, such as location tracking or access to contacts, reduces your exposure.
• Learning how your data flows between your device, the manufacturer and third-party apps helps ensure that you are not sharing more than you intended.

Keep firmware and apps updated.

• Regular updates include security patches that fix vulnerabilities after the device was released.
• Wearables often operate continuously and remain connected to networks, making them susceptible to exploits from cybercriminals.
• Enable automatic updates where available to stay protected without having to check manually.
• Any companion apps should also be updated regularly.

Use strong, unique and complex passwords.

• Many wearables require passwords for associated accounts or apps.
• Using a weak or recycled password increases the risk of an attack where attackers test leaked passwords across multiple systems and accounts.
• Creating a strong password makes it much more difficult for attackers to break into your wearable ecosystem and network.

Choose devices from reputable manufacturers.

• Not all wearables are created with security in mind. Devices from lesser-known companies may lack encryption and other security and privacy policies.
• Buying from reputable manufacturers increases the likelihood that the device will receive continuous security updates and follow standardized cybersecurity practices.
• Before making your purchase, review the manufacturer’s security documentation, third-party certifications and user reviews.

Wipe devices before selling or recycling them.

• Before you dispose of or sell wearable technology, perform a factory reset on the device. The manufacturer’s website will have details on how to correctly perform the reset.
• Wearables often store PII locally and failing to wipe the device can leave your information exposed.
• Remove paired accounts, unpair the device from your phone and reset it to ensure no personal data is accessible.

Wearable technology continues to enhance our lives, offering powerful tools for health, productivity and convenience. But as these devices become more deeply integrated into our personal routines and workplace environments, they also introduce new security and privacy challenges. By understanding the risks and adopting simple protection measures, users and organizations can enjoy the benefits of wearables without compromising safety and PII. Staying informed and proactive is the key to keeping data and devices secure.

Cyber Habit of the Month: Recognizing and Preventing Ghost Tapping

Ghost tapping occurs when someone, usually in a crowded area, attempts to initiate contactless payment from your phone or credit/debit card without your knowledge or approval. Criminals take advantage of the NFC technology used by debit cards, credit cards and smartphones by using some type of portable reader, either in their pocket or even at a fake kiosk.

To protect yourself from these attacks, you can use radio-frequency identification (RFID) blocking protection, like a phone sleeve or wallet. Make sure you always confirm that the payment details, including the merchant and the amount to be paid, are correct.

Go into the settings of your financial institution’s app and set up transaction alerts, which let you know in real time that a transaction has been made with your card or phone. Review safety settings on your phone and opt out of features that could be exploited by a criminal, such as the “express transit card” feature. Keep a close eye on all your financial accounts and report any suspicious activity immediately. Finally, only bring what you need when you are out and about; the more payment methods you have on you, the more easily you could be a victim of ghost tapping!

Additional Resources

• Better Business Bureau: Guide on Spotting and Avoiding Tap to Pay (Ghost Tap) Scams
• FDA: Medical Device Cybersecurity: What You Need to Know
• FightCybercrime.org: The Dangers of Wearable Tech