Negotiating Wearable Device Security

Wearable Device Security

Recent studies have highlighted gaps in security and privacy created by wearable technology, with one report by the US Department of Health noting that many of the new devices available which “collect, share and use health information are not regulated by the Health Insurance Portability and Accountability Act (HIPAA).” With personal information collected and shared more than ever, regulations managing the security and privacy of such data have a hard time keeping up with the potential risks and this particular report suggests, “To ensure privacy, security, and access by consumers to health data, and to create a predictable business environment for health data collectors, developers, and entrepreneurs to foster innovation, the gaps in oversight identified in this report should be filled.” Pertinent questions, however, remain. Who is responsible for ensuring adequate privacy and security concerns are addressed? And precisely where are all of these gaps?

Widespread Concerns

Concerns aren’t only for the vulnerability of health data, though it should be understood that much of this information is highly sensitive and necessarily requires the provision of first class security measures. Research from Binghamton University and the Stevens Institute of Technology has pointed to the potential for wearable devices to leak passwords. Using data from wearable tech sensors including smartwatches and fitness trackers, researchers were able to crack pins on a first attempt 80% of the time. Of course, some might shrug and suggest they care very little if hackers have access to how many steps they’ve taken on any particular day, but let’s not forget the data available to anyone who cracks the code of a smartwatch, nor how many of us reuse pins across devices. Says Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University, “Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks, and keypad-controlled enterprise servers. The threat is real, although the approach is sophisticated.”

Business Adoption of Wearable Tech

A range of benefits exists for the adoption of wearable tech within companies, including improved productivity, better employee safety, and enhanced customer engagement. However, the security concerns of wearable tech are as, if not more, pronounced as those which exist in personal environments. network security, in particular, is put under strain with the appropriate configuration of an organization’s network being a key fortification. Because many of the wearable devices we’re using today have poor or no encryption, data interception is easier and company networks which were otherwise well secured become vulnerable. Moreover, most wearables arrive with software that is unique and difficult to update resulting in an ecosystem of dissimilar devices each with their own distinctive weaknesses, requiring tailored security adjustments.

The Fix?

There is, unfortunately, no one-fits-all solution to the security and privacy issues of our wearables, and besides, any solution today will be in need of updates and amendments tomorrow. But the future of wearables is by no mean a bleak one. Responsible designers and developers are accounting for today’s concerns with more robust security processes for the next generations of devices, and networks are already being restructured to guard against wearable Vulnerabilities.

Wang points to two attacking scenarios, internal and sniffing attacks, the first typically perpetrated through Malware and the second via wireless sniffers that eavesdrop on sensor data sent via Bluetooth. Solutions to such assaults include improved encryption between host operating systems and wearable devices, and the injection of “a certain type of noise to data so it cannot be used to derive fine-grained hand movements.” And for businesses keen to adopt BYOD policies, the implementation of channels outside of the company network specifically for wearable devices can ensure limited access to sensitive data.

Finding the middle ground between the benefits of wearable device usage and the vulnerabilities they introduce is likely to be a painstaking negotiation at first but the more policies defined and effected, the better networks are delineated, and the stronger wearable encryption and protection becomes, the easier the process will be and the greater our rewards.

By Jennifer Klostermann

Episode 1: Why Small and Medium Sized Businesses Need an MSP

Small and Medium Sized Businesses Need an MSP Small and medium-sized businesses don’t enjoy the ...

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think ...

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for ...
Hamza Seqqat

The Benefits of Virtualizing SD-WAN and Security

Benefits of Virtualizing SD-WAN As more companies adopt SD-WAN technology to enhance the agility of their networking architecture, they must give strong consideration to how ...
Mark Kirstein

2020 Market Predictions: Cloud-Services Growth Will Continue

2020 Tech Market Predictions The beginning of every new year is a healthy time for businesses to survey the cloud landscape, reflect on the market ...
Hillary T

The Current Wave of Smart Home Technology

The Future of Smart Home Technology Some say the vision of smart homes kicked off with the invention of household machines in the early part ...
Nikolas Kairinos

The growing role of AI in Sales and Marketing

AI in Sales and Marketing  Artificial intelligence (AI) as a Sales and Marketing (SaM) tool to help businesses deliver a better customer experience and secure ...
Steve Prentice

Cloud-Based Financial Software Reinforces the 80/20 Rule of Business Management

Cloud-Based Financial Software Sponsored by Sage 50cloud Small businesses are known for being innovative and customer-focused in a way that their larger competitors cannot. This ...
Al Castle E911

Businesses Need E911 for Remote Employees

E911 for Remote Employees Remote working is no longer a luxury or a distant possibility – it’s the norm for enterprises around the world. The ...
Steve Prentice

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business and society, everything is changing. Ed Dryer, Senior Technology Strategist ...
Kokumai

How to Enhance Security of Digital Identity

Enhance Security of Digital Identity Introduction The subject of this article is a fragile digital identity built with a weak password, which makes a grave ...
Johan

Why the digital infrastructure is a matter of national interest!

Digital Infrastructure National Interest When the Internet was born, it promised a form of democracy and guarantee that everybody could be part and setup their ...
Aruna Headshot

66% Say They’d Switch Vendors in Order to Get an Intelligent Online Meeting Solution

People are getting frustrated with online and video meetings. In fact, according to a recent survey, 85% say they are challenged with these types of ...