Handheld Devices

Will Wearable Devices Lead To More Theft?

A CCS Insight infographic released in August this year pictured a man wearing a collection of wearable devices. The image accompanied the claim that by 2018 over 250 million smart wearables will be in use in the world, 14 times more than in 2013. Is this a little on the high side? Probably not since Apple’s launch of the iPhone 6 and the Apple Watch, which catapulted the company’s products back to the forefront of desirable devices. Apple has a knack of popularising mobile technology so CCS Insight’s vision is not so far-fetched, but it does underline the question of security.

The infographic was useful in that it clearly showed what is possible – Google Glass eyewear, wearable cameras, smartwatches, smart jewellery and wristbands – but this also highlights the vulnerability: the amount of expensive hardware we are going to carry about surely poses a security risk.

UK Home Secretary Theresa May in a speech in September raised concerns about the current boom in smartphone theft caused by people “increasingly carrying their lives in their pockets, with bank details, emails and other sensitive personal information”. The UK Government has brought in the Mobile Phone Theft Ratio "to inform the public about the handsets which have been most at risk of being targeted by thieves," she added.

It’s no surprise that iPhones top the charts on this front, followed by the Blackberry 9790 (HTC and Samsung were also on the list). There were 742,000 victims of mobile phone theft in England and Wales during 2012-13. In London alone, almost 100,000 mobile phones were reported stolen to the Metropolitan Police during 2013.

So what does this mean for wearables? Are we on a hiding to nothing? Should we just accept that some of us are going to be unlucky?

We asked six industry experts for their opinions on wearables – will people with wearables be walking around with a sign saying ‘mug me’ and will they also be more prone to hacking?

Wendy Nather, research director, security at 451 Research:

“Wearables will probably be stolen, but not quite as much as mobile phones, for a couple of reasons. One is that wearables today are really designed to be most useful when paired with a phone, so if you steal just the wristband part, it doesn’t get you that far. The other reason is that people don’t take wearables off and put them down as often as phones that you can accidentally leave in a restaurant or taxi. Nevertheless, once wearables become a fashion statement in and of themselves, because of their materials or cachet, they’ll probably be stolen more just like other expensive jewellery. As to whether these wearables can be hacked: absolutely. There have already been proof-of-concept exploits at hacker conferences, and that will only continue to grow. What consumers often forget is that there’s usually a cloud component behind the functionality of these items — for example, your step count and sleep data will be stored in the vendor’s cloud as well as on your phone, so that data is subject to the same sorts of breaches that we have already seen with cloud-based personal information. The only difference is that attackers are probably less interested in how many steps a celebrity took yesterday.”


Dr Bangdao Chen, CTO, data security firm OxCEPT

“Wearables are less vulnerable to theft than smartphones simply because we carry them in a more secure manner - by ‘wearing’ them as opposed to keeping them in our pockets, dropping them in our bags or walking around holding them in our hands. At the moment, most wearables hold simple data like jogging logs, heart rates, and phone logs, so this sort of data is likely to be less attractive to muggers than the sort of data, such as banking and payments related data that smartphones often contain. Most of our sensitive data is still stored on our phones. But the situation may change in the future. As more consumers adopt the technology we can anticipate a steep growth curve in application development for ‘smart wearables’. For example, there are trends of storing more credentials on wearables, enabling them to become security tokens or keys which can unlock doors, email accounts or computers.  As the momentum for integrating wearable technology into our daily lives grows we are likely to see an increase in personal and sensitive data being harvested and stored on them. And they become more attractive to muggers accordingly.”


Bob West, Chief Trust Officer at cloud security firm CipherCloud

“Smartphones are more established than wearables, so they are a bigger target for thieves than wearables. As manufacturers design sleeker wearables with longer battery life, these devices will become fashionable among thieves initially for reselling the hardware itself. Companies from Apple and Google through to many start-ups are all betting on wearables as the new wave of computing, so it’s only a matter of time before wearables hit the market in a big way. When that happens, as it did with smartphones, information theft will be part of that experience. The concerns for protecting information and complying with privacy regulations are uniform. If personal data is stolen, ICO (Information Commissioner’s Office) won’t care if the breached device was a smartphone or smart glass. This validates what many security leaders have said about the importance of a data-centric protection strategy. 


James Frost, Senior iOS Developer at mobile app maker Mubaloo

"Apple has added a feature to iOS 7 called Activation Lock, which can essentially render a stolen device unusable unless it's unlocked with the user's iCloud account. This has already had a big effect on the number of thefts in cities like San Francisco and New York. Thefts in San Francisco dropped by 38% in the six months after this feature was added. This sort of feature is now starting to become legislation in many US states and other markets may do the same. Advancements in phone security will likely be featured on wearable devices to offer equivalent levels of security to all mobile devices. There is even the opportunity to increase security for all mobile devices, with the introduction of wearables. With the addition of features such as Touch ID, and 'secure enclaves' built directly into the hardware, it seems that these devices are only getting more secure, and harder to 'hack'. If wearables are protected with similar functionality to Activation Lock (perhaps your Apple Watch will be useless if it's not used in conjunction with your personal iPhone), then I think there might be less concern about theft than with traditional phone devices. It might even work the other way to make phones more secure; your iPhone may only work if it detects your wearable nearby. Wrist-mounted devices can also be more subtle and easier to hide than a phone; if you're wearing long sleeves, nobody knows if you're wearing one or not.”


Chris Camejo, Director, NTT Com Security

“Anything can be hacked. The Apple Watch’s ability to run apps and share data with a paired iPhone tells me that we should have just as many concerns about a stolen watch as we would for the mobile itself. Stolen data is stolen data no matter how small the device is and every app is a potential vulnerability waiting to be exploited. That said, in spite of a few stumbles, Apple has a fairly good track record with security and one would hope that they have taken the lessons they’ve learned in the past with the iPhone into account when designing their watch. They’ve likely taken the same sandboxing approach for apps that they use on the iPhone. Using strong encryption to both protect data from eavesdropping and verifying the identity of any connected phone would be good first steps to prevent wireless attacks. Features like an automatic wipe if someone tries to pair the watch with a new device would also help if devices get stolen. How easy it is to open it up and extract data directly from the on-board storage will remain to be seen. I’m more worried about all of the non-Apple products that are sure to come. Android has been the target of 90%-plus of mobile malware. I don’t think it’s a coincidence that it’s much easier to get the sort of privileges necessary to compromise the device on the Android platform. I’m worried that all of the competing products that are rushed to market will suffer the same fate and the more features that Android watches gain the more backdoors they will provide into the user’s data.”


Charles Sweeney, CEO, web and email filtering company Bloxx

“There has been a lot of scaremongering around wearables, especially when earlier in the year a researcher released the findings of a study that concluded Google Glass was a security risk. The big revelation was that people could see your PIN or password on screen, note it down and then use that information for their own gain. Arguably other wearables are also more vulnerable in this respect, unless you intend to cover your watch every time you key in your PIN. The fact is that public theft of PINs and other confidential information is not a new risk. ‘Shoulder surfing’ whilst people type in their PIN to withdraw money is a well-established practice. What wearables bring with them is a new take on an old problem. The issue at hand isn’t wearables themselves, it’s about how we protect our digital identities. It is becoming increasingly apparent that passwords simply aren’t the way forward in the connected future, so there is a real need to look at alternatives to prevent data breaches.”


Marc Ambasna-Jones is a freelance writer and communications consultant that has written about technology trends and issues for over 24 years for national newspapers, consumer and business magazines. He can be found on Twitter @mambjo.


« WhatsApp with Your Value as a User?


Confused? A Bluffer's Guide to the HP Schism »
Marc Ambasna-Jones

Marc Ambasna-Jones is a UK-based freelance writer and media consultant and has been writing about business and technology since 1989.

  • Mail


Do you think your smartphone is making you a workaholic?