×

Biggest hacking threat to business? Wearables

The rising popularity of wearable devices—and workers bringing them into the office—could pose a major security threat to businesses this year, cybersecurity experts have warned.

A number of companies, including Apple to LG, have launched smartwatches this year. It comes as wearable shipments are set to explode in 2015, hitting 75 million, up 158 percent from 2014, according to research from CCS Insight.

As users increasingly don the latest gadgets to track fitness or answer calls, they will inevitably bring them into the office, opening a new hacking front for attackers.

"As people get increasingly interested in wearables...these devices end up indirectly connected to corporate networks via BYOD (bring your own device) devices," Bogdan Botezatu, senior e-threat analyst at antivirus company Bitdefender, told CNBC by email.

How you could be hacked

A Trend Micro survey of 800 senior IT decision-makers found that almost 80 percent of European organisations were seeing an increasing number of staff bring wearable devices in the workplace, and 77 percent were actively encouraging their use.

But what are the specific threats to businesses from these seemingly innocent gadgets?

Many of these devices will be connected to a phone that has users' work email, or other sensitive corporate information, on it. If the device is compromised, an attacker could potentially access this data.

Consumers are also using wearables for fitness purposes, to track personal information such as location and heart rate.

hacker
Rafe Swan | Cultura | Getty Images

Security experts said this information is often sold on to a third party for purposes such as advertising, but this transfer could be unsafe. If the communication of this data is not encrypted, it could be intercepted.

This would give hackers access to personal information such as email address, the name and even the location of a person. They could then use this information to construct an email that looks legitimate but contains a malicious link. If the user clicks on this link, it would potentially give an attacker an entry point into an organization's network.

Raimund Genes, chief technology officer of Trend Micro, warned that device makers were not building enough security into their wearables.

"You are more vulnerable if the attacker knows about you. The more data in the cloud linked with a personal profile, the more likely it is people can get the data and use it against you to craft an attack," he told CNBC at tech fair CeBit in Hanover, Germany.