Is My Fitness Band Protected? An Exercise in IoT Security

I recently bought a fitness band to track my daily workouts and quickly got hooked. The invaluable insights it provided through data analysis, coupled with the constant reminders it pushed out to help me achieve my fitness goals, got me thinking about how the Internet of Things (IoT) is transforming our way of life and shaping our future.

However, my enthusiasm for the fitness band waned somewhat when I read a piece on the IoT security issues it posed. Did you know that cybercriminals can track the movements of your wristband to steal your ATM personal identity number (PIN)? In fact, the success rate can be as high as 90 percent, according to recent research. I was so nervous about the potential consequences that I immediately abandoned my band.

Perhaps that was a bit of an overreaction. After all, certain devices do take steps to protect user identities. The Apple Watch randomizes the media access control (MAC) address of its user every 10 minutes to protect identities, for example, and many wearables regularly update devices and their corresponding mobile apps to close security holes and fix bugs.

Better Safe Than Sorry

By 2025, according to GSMA, the world will have approximately 27 billion connected devices, all of which will need to be reliable and secure. As we move to a more connected world, cybersecurity risks increase manifold. The rising volume of ransomware attacks is proof that digitally connected devices not only pose a financial risk, but also can threaten human lives if breached.

Security professionals, device manufacturers and users alike must be cognizant of the risks that connected devices, including my seemingly innocuous little fitness band, expose us to. We need to minimize these risks if we intend to adopt this life-transforming IoT technology. According to Markets and Markets, the global IoT security market is expected to grow from $6.62 billion in 2017 to $29.02 billion by 2022, at a compound annual growth rate (CAGR) of 34.4 percent during the forecast period.

As more people invest in wearable devices and start paying attention to IoT security, there’s a better chance manufacturers start building in safeguards. In this case, market competition is a good thing: The fitness bands of tomorrow could set themselves apart by offering stronger security controls and enhanced privacy.

IoT Security Is a Shared Responsibility

Increased security awareness is the first step toward fighting IoT threats. Both manufacturers and end users should take equal responsibility to stay protected and minimize security lapses. For example, various layers of cloud, application and network security offerings need to be secured by the manufacturer or vendor. They should ensure that the IoT devices they produce adhere to stringent compliance regulations. Finally, vendors should always plan manual overrides for automated systems in case of a security breach.

As consumers, we must be aware that poor security hygiene is all most attackers need to breach a system. After all, 95 percent of all security incidents involve human error, according to the “IBM Security Services 2014 Cyber Security Intelligence Index.” We should never underestimate the value of using strong passwords, changing default passwords and installing firewalls. Additionally, antivirus, antiphishing and two-factor authentication solutions can go a long way. Most importantly, users should be cautious when clicking on unknown links and use encryption to protect sensitive data from unauthorized access.

Data is a gold mine for cybercriminals, so it’s time we start protecting our devices by any means possible. Vigilance and preparation are the best ways to stay ahead of the bad guys.

Listen to the podcast series: Five Indisputable Facts About IoT Security

Share this Article:
Preeti Sahu

External Relations Specialist, IBM

Preeti Sahu supports Security and Global Technology Services business units at IBM as an External Relations Specialist and is responsible for churning out high quality content for the team in various formats. Her current role involves creating, editing and repurposing assets like press releases, blogs, executive announcements, byliners, social content etc to name a few. Her educational qualification includes MBA in Communications Management from Symbiosis International University and B.E. from Biju Patnaik Technical University. She has over seven years of professional experience spanning technology and communications.