Wearables, specifically smartwatches, have been a rapidly growing category and the data collected is similarly as immense.
Smartwatches have been designed to integrate themselves into every moment of the wearer’s life, whether awake or asleep, they record heartbeats, sleep patterns, workouts, you name it.
In new research by security firm Kaspersky, they have also become tools for spying on their owners, collecting signals that after analysis could be turned into datasets unique to the smartwatch owner.
“Smart wearables are not just miniature gadgets, they are cyber-physical systems that can record, store and process physical parameters,” said Sergey Lurye, a security enthusiast and co-author of the research at Kaspersky Lab. These datasets, if misused, allow the user’s activities to be monitored.
“Our research shows that even very simple algorithms, being run on the smartwatch itself, are able to capture the unique user’s profile of accelerometer and gyroscope signals. These profiles can then be used to deanonymize the user and track his or her activities, including the moments when entering sensitive information. And this can be done via legitimate smartwatch apps that covertly send signal data to third parties,” said Lurye.
Wearables are expected to net $28 billion (Sh2.8 trillion) globally this year. This makes them one of the largest and fastest growing segments in the market.
Smart wearable devices, including smartwatches and fitness trackers, are commonly used in sporting activities, to monitor our health and receive push notifications.
To carry out their main functions, most of these devices are equipped with built-in acceleration sensors (accelerometers), which are often combined with rotation sensors (gyroscopes) for step counting and identifying the user’s current position.
“In recent years, the cybersecurity industry has shown that private user data is becoming a very valuable commodity due to almost limitless criminal uses — from sophisticated digital profiling of cybercriminals’ victims to market predictions on user behaviour,” said Kaspersky.
Consumer paranoia over personal information misuse is growing, with many turning their attention to online platforms and data collection methods, other — less obvious — threat sources remain unprotected. For instance, to help maintain a healthy lifestyle, many of us use fitness trackers. But this could have dangerous consequences.
Not all data collected on these devices is capitalised for exploitation purposes, however, cybercriminals use it for their own malicious purposes, the possible consequences are limited only by their imagination and level of technical knowledge.
For instance, Kaspersky indicates that they could decrypt the received signals using neural networks, waylay victims, or install skimmers at their favourite ATMs.