Smart watches, fitness trackers, other gadgets declared as cybersecurity risk

The National Telecom and Information Technology Security Board (NTISB) has issued an advisory declaring that a number of smart devices including smart watches and fitness trackers are a cybersecurity risk, reported 24NewsHD TV channel on Tuesday.

Following the advisory, the Cabinet Division has recommended a total ban on use of smart devices at sensitive places.

According to the NTISB advisory, the wearable smart devices are responsible for leaking of secret information like data breach and illegal tracking. Audit of these devices before their use at sensitive sites was a must as their unauthorized use may cause cyberattacks, said the Board.

The advisor said these wearable devices are a serious threat to the institutional security and scrutiny of their security architecture and standard of data encryption was imperative.

The Board also proposed for a thorough review of the verified mechanism of these devices before their use at the sensitive facilities and these must not be used at places where sensitive meetings and operations are being conducted.

These devices must be cleared for use only after their thorough security analysis and by deactivating their unnecessary features like GPS and Bluetooth.

The advisory also called for ensuring implementation of the multi-factor verified system of the approved smart devices.

The advisory also cited incidents of the past when wearable devices were the cause for leakage of the data and cyberattacks.

Strict control should be in place for using wearable devices for avoid data leak, the advisory said.

About a week ago, the NTISB in another advisory had issued another cyber security advisory against hacking of personal data, warning Pakistani users about the risks of using certain browser extensions that could compromise their personal data.

The advisory highlighted tools such as ChatGPT-4, Gemini for Chrome, and more than a dozen others being targeted by hackers to steal private information.

The Board specifically alerted users who rely on virtual private networks (VPNs) and artificial intelligence-powered tools about the growing threats posed by hackers employing phishing techniques.

These hackers are reportedly injecting malicious code into legitimate browser extensions, potentially exposing users' personal identifiable information (PII).

Among the 16 compromised extensions identified are popular tools like AI Assistant – ChatGPT, Bard AI Chat Extension, VPNCity, VidHelper Video Downloader, and Trackker – Online Keylogger Tool, among others.

The NTISB has issued several key recommendations to users to protect their privacy and security:

Avoid using the affected extensions and opt for alternative trusted options.
Only install browser extensions from reputable sources.
Review extension permissions and ratings carefully before installation.
Regularly update extensions to the latest versions.
Remove unused extensions from browsers.
Install and maintain up-to-date antivirus software.
Remain cautious of free extensions, as they may carry hidden risks.
Actively monitor system activity for unusual behaviour.
The advisory urged users to stay vigilant and take immediate action to safeguard their data.

Reporter Waqas Azeem