Using connected wearable devices such as smart watches is convenient, but also presents risks. Reporters Without Borders (RSF) outlines wearable devices’ major drawbacks and gives recommendations on how to use them as safely as possible.
The convenience of wearable devices comes at a price. Smart watches, smart glasses, and fitness trackers provide the user easy access to their personal information, their other devices, and the internet. But poor security, constant tracking and data collection make them attractive targets for hackers: with the right knowledge, anyone can access a user’s personal information like their names, addresses, family members, or travel history. Here are some points journalists should bear in mind when using a wearable device, and advice to safely use it.
Wearable devices are usually not secure
Wearable devices often have very few security features. When syncing with other devices and cloud services, they typically transfer data unencrypted, meaning it can easily be intercepted. Their Bluetooth and Wi-fi features usually have few or no security measures in place, meaning viruses and malware can be transferred to a journalist’s other devices (phone, laptop, etc.) as soon as the wearable device connects to it – something they often do automatically.
Wearable devices are easily lost
Wearable devices are, by design, small, light, and convenient to carry around. But this makes them very easy to lose or be stolen. Because many such devices store information unencrypted and do not have biometric or PIN security, any data contained on the device is readily accessible to anyone who picks it up. If a journalist loses their device, their location data, profiles, and connections to other devices like their phone and computer are all compromised.
Manufacturers may disclose user data
In 2017, the company behind smart watches brand Fitbit (Strava) made headlines for publishing a map of its users’ training locations, unintentionally revealing the layout of US military bases and the locations of previously undisclosed “black sites” outside the country. In 2022, an investigation by Israeli disinformation watchdog FakeReporter found that security breaches in Fitbits had revealed personal and strategic information about Israeli Defence Force soldiers.
Recommendations
- Limit the personal information put into the device. This includes not inputting real names, addresses, or other identifiable information. Journalists should disable data sharing and collecting, connectivity, and location features unless they are essential.
- Do not sync with devices containing sensitive information. Journalists should ensure that their wearable devices do not contain sensitive information itself and do not connect, sync, nor charge with any devices that contain sensitive information.
- Assess the risks. Journalists should be wary of where they take a device, what functionalities they use, and which other devices or networks it could connect to. They should evaluate whether the convenience of using the internet or Bluetooth on a wearable device are worth the potential risks of being intercepted, hacked, or infected.
- Scrutinise manufacturers’ data policy. Journalists should read the manufacturer’s data policy and decide whether the company is transparent enough and whether the data is being used in ways that are justifiable and offset the risks laid out in this article.