The Cabinet Division has released a cybersecurity advisory, highlighting potential security threats posed by wearable smartwatches, especially in high-security areas.
The warning addresses concerns over the possibility that devices such as smartwatches and fitness trackers may inadvertently leak sensitive information, making them significant risks in environments such as secure offices, meetings, and other critical zones.
These devices could lead to unauthorized access, data breaches, and cyberattacks.
The advisory references previous incidents that exposed the vulnerabilities of such technology.
For instance, in 2018, Fitbit’s user data revealed the locations of secret facilities, raising alarms about the potential for location tracking.
Additionally, security flaws in the Apple Watch allowed third-party applications to bypass authentication protocols.
A 2020 ransomware attack on Garmin caused significant financial losses and disruptions, further underscoring the risks posed by wearables.
To address these concerns, the advisory mandates that all wearable devices be formally evaluated for security compliance before being used in sensitive or restricted areas.
This evaluation will assess the device’s encryption, authentication systems, and overall security structure.
Devices failing to meet the necessary security standards will be banned from use until their vulnerabilities are addressed.
The guidance also specifies that wearable devices should not be allowed in locations where confidential discussions or operations are taking place.
Any approved devices must have unnecessary features such as GPS and Bluetooth disabled, undergo routine firmware updates, and be restricted to encrypted, segmented networks.
Multi-factor authentication will be a requirement for devices that are permitted for use.
The Cabinet Division has stressed the importance of adhering to these cybersecurity protocols to prevent any potential breaches.
Organizations managing sensitive information are urged to implement strict controls on the use of wearable devices to protect against unauthorized data access.
