Wearable device users beware! 33 vulnerabilities found

Wearable device users beware 33 vulnerabilities found

Wearable devices are part of the digitalization in the healthcare industry. Thus, patients can be monitored remotely by their doctor or the person from whom they receive health care. However, although the use of wearable devices has become an important part of healthcare, security risks also arise.

90 Vulnerabilities DETECTED! IF MOST…

According to Kaspersky, research by experts discovered 90 vulnerabilities in the MQTT (Message Queuing Telemetry Transport) protocol, which since 2014 is widely used to transfer data from wearable devices and sensors because it is easy and convenient. Experts have also found that most of them have not been patched to date.

While it was noted that authentication in MQTT is completely optional and rarely includes encryption, it was stated that this allows for attacks of the type where a third party can intervene and interfere with communication.

33 MORE ADDED

It was stated that 33 more vulnerabilities, 19 of which were critical, were added to the vulnerabilities discovered last year. While it is said that all of these vulnerabilities put patients at risk of having their data stolen, it has been learned that there are also security vulnerabilities in Qualcomm Snapdragon, one of the most popular platforms for wearable devices.

“MINIMIZE DATA TRANSFERRED FROM TELESHOOD APPLICATIONS”

Maria Namestnikova, Head of Kaspersky Russia’s Global Research and Analysis Team (GReAT), talked about the digitization of healthcare, stating that many hospitals still use untested third-party services to store patient data.

Stating that the vulnerabilities in wearable devices and sensors for health care remain unpatched, Namestnikova suggested the following to healthcare providers:

  • Check the safety of the application or device recommended by the hospital or medical institution.
  • Minimize data transferred by telehealth apps if possible.
  • Do not allow the device to send location data if not required.
  • Change the default passwords and use encryption if the device supports it.

(AA)

mn-3-tech