The Cabinet Division has issued a cybersecurity advisory warning against the risks associated with wearable smart devices in sensitive environments.
The advisory highlights potential threats posed by devices such as smartwatches and fitness trackers, which could inadvertently expose classified information.
The use of these devices in high-security offices, meetings, and other critical locations could lead to data leaks, unauthorized tracking, and cyberattacks.
According to the Cabinet Division, several incidents have demonstrated the security vulnerabilities of wearable devices. In 2018, location data from Fitbit users unintentionally revealed the whereabouts of secret facilities, raising concerns about unauthorized tracking.
Similarly, vulnerabilities in the Apple Watch have been exploited by third-party apps to bypass authentication safeguards. Another incident in 2020 involved a ransomware attack on Garmin, which led to data encryption, service disruptions, and financial losses amounting to millions of dollars.
To mitigate these risks, the advisory mandates a formal evaluation and auditing process before wearable devices are allowed in sensitive locations. The evaluation will assess the security architecture, data encryption standards, and authentication mechanisms of each device. Any device failing to meet security requirements will be disallowed until vulnerabilities are addressed. Explicit approval will be required before any wearable device is used in critical areas.
According to the advisory, wearable devices should be strictly prohibited in areas where sensitive discussions or operations take place. Approved devices must undergo security assessments, have non-essential features like GPS and Bluetooth disabled, and receive regular firmware updates. Network access for these devices will be restricted unless stringent security measures, including encryption and segmentation, are in place. Multi-factor authentication (MFA) will also be required for all permitted devices.
Regular security audits will be conducted to ensure compliance with cybersecurity policies. The Cabinet Division emphasizes that failure to adhere to these guidelines could result in severe security breaches. Organizations handling sensitive data are urged to implement strict controls over the use of wearable devices to prevent unauthorized access and data leaks.
