LEHI — This holiday season, trendy wearable devices are flying off the shelves.
While fitness trackers, smartwatches and even smart clothing can make for fun presents, experts say consumers should keep the devices' potential security weaknesses in mind while shopping. Most wearable devices connect to the Internet or are Bluetooth enabled, meaning they could be vulnerable without safeguards like data encryption and authentication.
Jason Sabin is the chief security officer at Utah-based DigiCert, which provides SSL certificates — recognizable as the padlock that shows up on secure websites — for organizations that include Facebook, PayPal and NASA. He said that as an avid runner he likes the idea of a lot of wearable devices, but that as a security expert the lack of protection scares him.
"A lot of these companies are trying to produce these devices, these features on top of their wearables, and a majority of the time they're actually not thinking about security or privacy for the individual at all," he said. "For example, there was a recently published study in July that went and actually found that the top 10 smartwatches all had significant security problems."
Below are some points people who are interested in wearable devices should keep in mind, according to Sabin.
Hackers could steal personal information
With fitness trackers monitoring people's activities 24-7, some companies are collecting massive amounts of data. This provides a ripe opportunity for hackers to target health-related data like the information collected by wearable devices, according to Sabin. He said that since credit card companies have improved methods of cutting off funds once an account is compromised, hackers are shifting their focus and instead finding it is easier to gather and monetize health care records.
Even though there haven't been significant problems reported with hackers and wearables just yet, Sabin said it might just be a matter of time. He likened it to people thinking credit cards were safe to use online without protective measures.
"A lot of people were using credit cards online and not realizing the security implications at the time — it wasn't until there actually was big, massive data breaches," he said. "So you're starting to see some of those data breaches (with health information), but a lot of people, they're not paying attention to them or they don't know how to go read about them. A lot of these people will buy their wearable device for a specific purpose, not realizing that there could be a problem later."
Companies could sell info
Another potential threat to privacy comes not from hackers, but from the device manufacturers themselves, according to Sabin. He said that because many people don't pay attention to end-user license agreements — the legal fine print people are supposed to read and agree to before using a device — consumers could inadvertently give manufacturers permission to share their information with third parties.
"They could actually be selling a lot of their information just by clicking a little button really fast," he said.
Sabin speculated that one third-party group that could be interested in health information is insurance providers. He said if insurance companies obtained data from fitness trackers to see whether or not customers are maintaining an active lifestyle, there is a danger that the information could be misinterpreted.
"For example, let's say that if you go to an annual checkup you do pretty well in those, but then you're also wearing a Fitbit. If the insurance companies can get access to that they can actually use that to say, 'Well, you did a good job in your annual health checkup but your daily activity is not so swell,'" Sabin said. "So you could actually see health insurance premiums rise because of data that was collected for years and years because there was no privacy or security around those devices."
Buy from reliable companies
For those who want to buy a wearable device, Sabin said shoppers should avoid buying the cheapest device and instead look for a reputable brand. In general, larger companies are better at paying attention to protecting customers. He said low-budget wearables, where companies stamp their brand on generic devices, tend to have little to no security.
"It's important to buy from a company that actually cares about security," he said. "A lot of times, you have people who are just trying to make a quick buck with these products and are mass manufacturing a quick device to see if they can sell it and not actually caring about security and privacy, versus if it's bought from a larger company, typically they've actually invested time and capabilities within security to say is this good or is this bad."
Being choosy about brands is the best way for consumers to let companies know they want their information to be protected, according to Sabin.
"I think the most important thing is that consumers are really voting with their pocketbooks," he said. "The consumer dollar really is the ultimate factor that decides whether companies are going to take security and privacy seriously. You only want to buy products that can guarantee that they will actually protect your data."