The Cabinet Division has released a cybersecurity advisory highlighting the potential dangers linked to the use of wearable smart devices in sensitive settings.
The advisory emphasizes the possible risks associated with devices like smartwatches and fitness trackers, which may unintentionally reveal sensitive information. The use of these devices in high-security offices, meetings, and other critical locations could lead to data leaks, unauthorized tracking, and cyberattacks.
The Cabinet Division has reported multiple incidents that highlight the security weaknesses associated with wearable devices. In 2018, location information from Fitbit users inadvertently disclosed the locations of confidential facilities, prompting worries regarding unauthorized surveillance.
Vulnerabilities within the Apple Watch have also been leveraged by third-party applications to circumvent authentication protections. Additionally, in 2020, Garmin experienced a ransomware attack that resulted in data encryption, service interruptions, and financial losses reaching millions of dollars.
To address these risks, the advisory requires a comprehensive evaluation and auditing procedure before the authorization of wearable devices in sensitive environments. This evaluation will examine the security framework, data encryption protocols, and authentication systems of each device. Devices that do not comply with security standards will be prohibited from use until identified vulnerabilities are rectified. Prior explicit approval will be necessary for the deployment of any wearable device in critical zones.
As per the advisory wearable devices are to be categorically banned in locations where sensitive discussions or operations occur. Devices that are authorized must pass security evaluations, have non-essential functionalities such as GPS and Bluetooth turned off, and must be subject to regular firmware updates. Access to networks for these devices will be limited unless robust security protocols, including encryption and segmentation, are implemented. Additionally, multi-factor authentication (MFA) will be mandatory for all authorized devices.
Regular security audits will be performed regularly to verify adherence to cybersecurity policies. The Cabinet Division stresses that non-compliance with these regulations may lead to significant security vulnerabilities. Entities managing sensitive information are strongly encouraged to enforce stringent measures regarding the use of wearable technology to avert unauthorized access and potential data breaches.
For more daily updates, please visit our News Section.