With the Internet constantly at our fingertips, we have become far more educated on many topics which were once only known to experts. One of the highly popular areas where this is true is personal health — any information regarding a good diet plan, a targeted workout regimen, or what your current symptoms mean can be found with relative ease due to the sheer wealth of what the Internet has to offer. With advancements to technology in the modern era, we have a plethora of devices to help us in the tracking of key aspects of our own personal wellness journeys. These Internet-capable devices are mere pieces of the massive puzzle that is the Internet of Things.
The Internet of Things (IoT), or the connected network of various Internet-capable devices (or “things”), has made everyday items far ‘smarter’ than ever before. One of the biggest risks when it comes to IoT devices is the potential for personally identifiable information (PII) to be left vulnerable to potential hackers. When it comes to those IoT devices which are utilized as health-tracking tools, the usual PII such as full name, birthday, or home address are still left vulnerable; however, with the ability to track our own personal health, we expose some of our most personal and private data to potential cyber attack — and even physical danger as well. This is where the Internet of Things can cause incredible vulnerabilities to the unsuspecting consumer.
With it still being fairly early on in the new year, there are likely a few people still sticking with their New Years’ Resolutions to get in better shape. One of the main ways people stay on track with these goals is through their phone, primarily through different health and wellness apps. Google searches for fitness and dieting apps for iPhone and Android products spiked to a 12-month high for each in late December 2019/early January 2020, when people are determined to set and stick to those New Years’ Resolutions.
Some fitness apps allow users to track their runs via GPS and Bluetooth. This presents a potential physical threat to the user if the app utilized is not secure, as the information collected from each run includes location, duration, and time of day. While the fact that your mile time is getting faster and faster each week is not relevant to a hacker, however, the fact that you are out for an hour-long run every Saturday morning leaves you vulnerable to real life crime.
Many of these apps have the capability to connect to what are known as wearables, devices, such as FitBits and Apple Watches, that track health data such as heart rate, sleep analysis, and even the detection of diabetes and anxiety attacks and then transfer this data to linked apps on the user’s phone. Though helpful in tracking health and wellness, these wearable devices present similar threats to your cyber and physical well-being as the apps to which they are connected; however, the threats are deepened even further when considering the security of the connection between the wearable and the phone. Most of these connections are via Bluetooth and this can be an especially vulnerable connection.
One of the biggest Christmas gift trends of 2019 was the at-home Internet-connected cycling bike. While these machines provide users with the ability to have the atmosphere and connection of a fitness class from the comfort of their homes, they also present a new, unique front in the cyber threat landscape.
Similarly to wellness-centric apps, connected exercise equipment collects some of your personal data, including your location. This is especially unnerving for things like the Peloton and NordicTrack bikes which are only ever located in the users home – providing hackers with a specific address of where to find a +$2,000 piece of highly in-demand equipment. It is crucial to protect the networks to which these devices are connected.
Health Tracking Devices
While things like wellness-tracking apps and connected workout machines focus more on physical fitness, there are other advancements in Iot health devices to help individuals with diseases such as diabetes, asthma, and heart issues to have advanced medical-grade help right from their homes.
For people with diabetes, smart insulin pumps have become an excellent way to get real time information from the pump to the doctor. A major benefit of this technology is the ability to let doctors know of any significant irregularities in a patient’s levels. However, a few years ago, a very real threat emerged threatening users’ lives.
A group of researchers showed just how serious the vulnerabilities in these devices could be in a highly popular pump by Medtronic. Researchers Billy Rios and Jonathan Butts showed how simple it was for them to create an app that could get into these devices remotely either withhold much-needed insulin from the user of the pump or even provide a lethal dose to the unsuspecting patient. While researchers such as Rios and Butts utilize their cyber know-how to show companies where to fix their issues, hackers with ill intent could physically harm innocent users through something as vital to them as their insulin pumps.
How can you protect yourself?
Utilize Two-Factor Authentication where available
This applies to all categories of IoT health devices described above. With cybersecurity becoming a growing area of both interest and concern for consumers and companies alike, many companies offer the option to verify that you are in fact the legitimate user via multi-factor authentication, usually in the form of two verifiers such as a password coupled with a code sent to your email or phone. Though this may seem like an unnecessary extra step in signing on, it can help prevent your data from falling into the wrong hands.
Thoroughly vet a company or device before providing PII
Do not use an app if it is asking too much of you. An app or company is considered risky when it asks for more of your information than is reasonably needed, collects private data of yours to distribute to third parties, or requests to use your location at all times, even when you’re not using the app itself. Research app companies prior to installing an app on your phone to prevent risk. If you are weary, do not download. Additionally, ensure all apps are not only legitimate, but up-to-date as well, as this will help to protect against any potential Bluetooth threats.
Secure your at-home internet
Utilizing a secure, regularly updated, and monitored firewall to protect your network helps to ensure your IoT devices that are connected to your home Wi-Fi network are not vulnerable to attack.
Stay educated on cyber-threats
- Set a news alert for growing cyber threats.
- Keep up-to-date with cybersecurity blogs.
- Teach others what you learn for a better protected network.
Image by Freepiks