Somebody hacked my smart sweater – and they know who stole my heart
It was the best of sweaters, it was the worst of sweaters. This garment had a cutting-edge design, was wind resistant, organically grown, and ethically produced. More importantly, this was a smart sweater that incorporated a full assortment of sensors that measured heart rates, blood pressure, perspiration, and more. Not only that, but this sweater had GPS sensors, keeping me on the straight and narrow – most of the time.
For real connectivity, I just had to tap on my chest to activate the sweater’s Bluetooth connection to my smartphone. This would upload all of my measured data, enabling an AI-driven analysis of my bodily functions to – for lack of a better word – recommend additional activities, sites, and find social connections.
The tale-tale sweater
With such impressive features and a cool look, who wouldn’t wear this smart sweater for a night on the town? Or a hot date. And so I did. Started in one café, met her with heart beating, palms sweating, then on to somewhere else, and yet another place. It was a night to be remembered – but not uploaded.
But uploaded it was – and not by me. In one of those pulsating nightspots; when the blaring lights, throbbing music, and captivating date distracted, I was hacked, and the bare details of my night were uploaded forever by someone else.
And a text message was sent to my device requesting a ransom payment of 2.3 bitcoin to stop the publication of my nights’ details – or face the potential bricking of my device, unraveling of my digital sweater, and the flooding of my device with ads for everything from stamina vitamins to hormonally enhanced cologne.
Knitting together fact or fiction?
At the moment, this smart sweater is not on the market – yet. But that could change in a couple of months. While “dressing smart” used to mean being fashionable and well groomed, it now means including technology into your garment selection.
Fitness is at the front of the smart clothing pack and there is a whole closet load of options available to exercise fanatics. These smart shirts, leggings shorts, socks and bags can collect data on your bodily performance, then transfer this data over to your smartphone. The apps on your smartphone can then upload this data to the cloud where it is analyzed and come back for you with real-time guidance on how to improve the workout.
These smart clothes are positioning themselves to replace devices such as fitness bracelets by providing a more complete and more accurate assortment of sensors. After all, who can argue that an in-shoe sensor isn’t well located to give precise info on your stride and heel/ground impact?
Feeling blue about my security
But then there are the security issues. Most smart clothes – and most fitness wristbands – now connect to the owner’s smartphone via Bluetooth technology.
Bluetooth is not an invulnerable technology. Researchers have found they can intercept messages from the Fitbit One and Fitbit Flex wristbands and access personal information as it is sent to the company’s cloud servers.
In late 2017, the BlueBorne vulnerability showed how devices using Bluetooth could be hacked by a bad guy simply close to the device without an internet connection. No social engineering, no clicks on dubious phishing sites needed – just a bit of close contact.
Life beyond a hacked sweater
With smart clothes – or almost any smart Internet of Thing device – the precise vulnerabilities and security issues will vary according to how the device is connected to the internet.
In the case with Bluetooth, the device sends the data to the phone, the app on the phone sends the data to the Internet and then the reverse – and this is quite a different set of issues than for an IoT CCTV camera that hooks up directly to the internet. And there are yet other additional issues with home WiFi networks. — Andrei Petrus, Head of the Avira SafeThings project.
Beyond the specific vulnerability which can change by the month, Andrei pointed out that the buzz over smart clothes overlooks the basic digital facts of life: smart devices – whether a sweater, your smartphone, or even just the apps on the phone – all record a lot of data about your personal life and where you are living it. The real question is whether you are fine with someone accumulating or picking through this trove of data? While enhancing a workout or your social life with a smart device might seem like a great thing, data brokers’ ability to combine data streams means that they can know a lot about you and your intimate activities.
Avira takes data privacy seriously. In the case of smart clothing, you can get protected by installing Avira Antivirus on your mobile device. The Privacy Advisor feature in Avira Antivirus for Android enables users to see what kind of data each app can collect about them.
From the smart home perspective, the new Avira SafeThings oversees the data traffic coming and going into the home from its perch at the internet gateway. By harnessing Avira’s AI and machine learning expertise, SafeThings can spot data anomalies that could signal security issues or a hacked device.
“The digital conundrum is that people are willing to provide some – but not unlimited – data about their lives in return for customized device features,” Andrei added. “The big question is how they can know what is being collected and then to control it. With Avira, they have that ability.”