September 14, 2016

Negotiating Wearable Device Security

By Jennifer Klostermann

Wearable Device Security Recent studies have highlighted gaps in security and privacy created by wearable technology, with one report by the US Department of Health noting that many of the new devices available which “collect, share and use health information are not regulated by the Health Insurance Portability and Accountability Act (HIPAA).” With personal information […]

Wearable Device Security

Recent studies have highlighted gaps in security and privacy created by wearable technology, with one report by the US Department of Health noting that many of the new devices available which “collect, share and use health information are not regulated by the Health Insurance Portability and Accountability Act (HIPAA).” With personal information collected and shared more than ever, regulations managing the security and privacy of such data have a hard time keeping up with the potential risks and this particular report suggests, “To ensure privacy, security, and access by consumers to health data, and to create a predictable business environment for health data collectors, developers, and entrepreneurs to foster innovation, the gaps in oversight identified in this report should be filled.” Pertinent questions, however, remain. Who is responsible for ensuring adequate privacy and security concerns are addressed? And precisely where are all of these gaps?

Widespread Concerns

Concerns aren’t only for the vulnerability of health data, though it should be understood that much of this information is highly sensitive and necessarily requires the provision of first class security measures. Research from Binghamton University and the Stevens Institute of Technology has pointed to the potential for wearable devices to leak passwords. Using data from wearable tech sensors including smartwatches and fitness trackers, researchers were able to crack pins on a first attempt 80% of the time. Of course, some might shrug and suggest they care very little if hackers have access to how many steps they’ve taken on any particular day, but let’s not forget the data available to anyone who cracks the code of a smartwatch, nor how many of us reuse pins across devices. Says Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University, “Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks, and keypad-controlled enterprise servers. The threat is real, although the approach is sophisticated.”

Business Adoption of Wearable Tech

A range of benefits exists for the adoption of wearable tech within companies, including improved productivity, better employee safety, and enhanced customer engagement. However, the security concerns of wearable tech are as, if not more, pronounced as those which exist in personal environments. network security, in particular, is put under strain with the appropriate configuration of an organization’s network being a key fortification. Because many of the wearable devices we’re using today have poor or no encryption, data interception is easier and company networks which were otherwise well secured become vulnerable. Moreover, most wearables arrive with software that is unique and difficult to update resulting in an ecosystem of dissimilar devices each with their own distinctive weaknesses, requiring tailored security adjustments.

The Fix?

There is, unfortunately, no one-fits-all solution to the security and privacy issues of our wearables, and besides, any solution today will be in need of updates and amendments tomorrow. But the future of wearables is by no mean a bleak one. Responsible designers and developers are accounting for today’s concerns with more robust security processes for the next generations of devices, and networks are already being restructured to guard against wearable Vulnerabilities.

Wang points to two attacking scenarios, internal and sniffing attacks, the first typically perpetrated through Malware and the second via wireless sniffers that eavesdrop on sensor data sent via Bluetooth. Solutions to such assaults include improved encryption between host operating systems and wearable devices, and the injection of “a certain type of noise to data so it cannot be used to derive fine-grained hand movements.” And for businesses keen to adopt BYOD policies, the implementation of channels outside of the company network specifically for wearable devices can ensure limited access to sensitive data.

Finding the middle ground between the benefits of wearable device usage and the vulnerabilities they introduce is likely to be a painstaking negotiation at first but the more policies defined and effected, the better networks are delineated, and the stronger wearable encryption and protection becomes, the easier the process will be and the greater our rewards.

By Jennifer Klostermann

Jennifer Klostermann

Jennifer Klostermann is an experienced writer with a Bachelor of Arts degree majoring in writing and performance arts. She has studied further in both the design and mechanical engineering fields, and worked in a variety of areas including market research, business and IT management, and engineering. An avid technophile, Jen is intrigued by all the latest innovations and trending advances, and is happiest immersed in technology.
Steve Prentice

Get Smarter – The Era of Microlearning 

The Era of Microlearning Becoming employable and then staying employable requires ongoing, up to date [...]
Read more

Lambda Cold Starts: What They Are and How to Fix Them

What Are Lambda Cold Starts? Lambda cold starts occur when AWS Lambda has to initialize [...]
Read more

Exploring SaaS Directories: The Path to Optimal Software Selection

Exploring the Landscape of SaaS Directories SaaS directories are vital in today’s digital age, serving [...]
Read more

A.I. is Not All It’s Cracked Up to Be…At Least Not Yet!

Exploring AI’s Potential: The Gap Between Aspiration and Reality Recently Samsung releases its new Galaxy [...]
Read more

5 Azure Cost Management Strategies

What Is Azure Cost Management? Azure cost management refers to the practices and processes that [...]
Read more
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more

SPONSORS

Interviews and Thought Leadership

AI at the Gate: Navigating the Future of Cybersecurity with SonicWall’s Bobby Cornwell

Navigating the Future of Cybersecurity In the face of the digital age’s advancements, AI’s role in cybersecurity presents both innovation and challenges. CloudTweaks welcomes a Q&A with Bobby Cornwell, Vice [...]
Read more
Daniel Barber

Q&A Daniel Barber – 2024 AI + Data Privacy Predictions

2024 AI + Data Privacy Predictions In a recent interview with CloudTweaks, Daniel Barber, Co-Founder and CEO of DataGrail, shared insightful perspectives on the evolving landscape of AI and privacy. [...]
Read more

Top Cloud Cost Optimization Strategies for Multi-Cloud Environments

The age-old saying “Don’t put all your eggs in one basket” has found a new resonance in today’s cloud landscape. [...]
Read more

How AI Machine Learning Is Enhancing Customer Experience Across Industries

Elevating Customer Satisfaction: AI’s Impact in Every Sector Recent years have witnessed an incredible transformational leap with regard to Artificial [...]
Read more

CrowdStrike and Dell unleash an AI-powered, unified security vision

Dell and CrowdStrike are joining forces today to help businesses battle against cyberattacks using AI to protect against generative AI, stealth social engineering and [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.