ISLAMABAD: Smartwatches, fitness trackers and other smart devices have been declared ‘cyber security risk’ by the National Telecom and Information Technology Security Board (NTISB).
In an advisory issued on Tuesday, the National Information and Technology Board (NITB) said that wearable smart devices are a security risk. The Cabinet Division has also recommended a ban on use of wearable devices in sensitive locations.
The advisory added that wearable smart devices are involved in disclosure of confidential information, and use of these devices in sensitive locations can lead to cyber-attacks. These devices can lead to data leaks and unauthorised tracking. Such devices also post a serious threat to institutional security.
The NTISB has made an audit mandatory before using such devices in sensitive locations. During the audit, the security architecture of the device and quality of data encryption must be checked. The Authentication mechanisms of these devices should be reviewed before use in sensitive locations, the advisory noted, adding that use of such devices should be banned in sensitive meetings.
Strict use of approved devices use should be allowed only after security checks and unnecessary features of these devices such as GPS and Bluetooth should be disabled in sensitive locations.
The NITB directed to ensure implementation of multi-factor authentication system for all approved devices.
Incidents of data leaks from wearable devices have occurred in the past and cyber-attacks have also happened on sensitive data through these devices. The advisory now instructs for implementing strict controls on wearable devices to avoid data leaks.
Among the cases mentioned is the 2018 incident about exposure of Fitbit user location data that raised concerns about the unauthorised tracking of key personnel. Fitness data from the device’s GPS inadvertently disclosed the whereabouts of secret locations.
The second case was from 2020 in which a ransomware attack on Garmin led to the encryption of Garmin’s data, causing significant operational downtime and loss of services, including aviation and fitness tracking. The company incurred financial losses estimated to be in the millions of dollars to restore its systems.
