Your smartwatch knows your heart rate, your sleep schedule, and several other types of health data. But what happens when someone else gets access to all of that? Researchers at CISPA have some worrying answers.

Daniel Gerhardt, a doctoral researcher, recently published a paper exploring the privacy and security risks of on-body interaction techniques, which include wearables, smart glasses, and even smart garments. His findings are not pretty.

Could your smart wearables hurt you?

The study found that privacy and security risks with wearable tech cannot be taken lightly. A wearable device sits close to your body and has access to more data than your phone or computer, and hence, the potential for harm goes well beyond leaked passwords.

The most alarming finding is the physical risk. A smart jacket with heating elements, for example, could theoretically be hacked to cause burns. Devices could also be used for extortion. One expert in the study described this scenario as “ransomware for the body,” and honestly, that phrase alone should keep you up at night.

Psychological risks are also on the table. Immersive or manipulative systems could be used to cause stress or push users into unwanted experiences. And it is not just the wearer at risk. Devices can capture data from bystanders without their knowledge.

Is there a fix?

Gerhardt also developed eight design guidelines to help researchers, designers, and companies build safer wearables from the ground up. The recommendations include minimizing data collection, improving transparency for users, and building stronger security into both hardware and software.

The research was presented at the ACM CHI Conference on Human Factors in Computing Systems, one of the most respected gatherings in human-computer interaction research.

Wearables are only going to get more capable. Getting the safety side right now, before they become truly indispensable, seems like the smart move.