Negotiating Wearable Device Security

Wearable Device Security

Recent studies have highlighted gaps in security and privacy created by wearable technology, with one report by the US Department of Health noting that many of the new devices available which “collect, share and use health information are not regulated by the Health Insurance Portability and Accountability Act (HIPAA).” With personal information collected and shared more than ever, regulations managing the security and privacy of such data have a hard time keeping up with the potential risks and this particular report suggests, “To ensure privacy, security, and access by consumers to health data, and to create a predictable business environment for health data collectors, developers, and entrepreneurs to foster innovation, the gaps in oversight identified in this report should be filled.” Pertinent questions, however, remain. Who is responsible for ensuring adequate privacy and security concerns are addressed? And precisely where are all of these gaps?

Widespread Concerns

Concerns aren’t only for the vulnerability of health data, though it should be understood that much of this information is highly sensitive and necessarily requires the provision of first class security measures. Research from Binghamton University and the Stevens Institute of Technology has pointed to the potential for wearable devices to leak passwords. Using data from wearable tech sensors including smartwatches and fitness trackers, researchers were able to crack pins on a first attempt 80% of the time. Of course, some might shrug and suggest they care very little if hackers have access to how many steps they’ve taken on any particular day, but let’s not forget the data available to anyone who cracks the code of a smartwatch, nor how many of us reuse pins across devices. Says Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University, “Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks, and keypad-controlled enterprise servers. The threat is real, although the approach is sophisticated.”

Business Adoption of Wearable Tech

A range of benefits exists for the adoption of wearable tech within companies, including improved productivity, better employee safety, and enhanced customer engagement. However, the security concerns of wearable tech are as, if not more, pronounced as those which exist in personal environments. network security, in particular, is put under strain with the appropriate configuration of an organization’s network being a key fortification. Because many of the wearable devices we’re using today have poor or no encryption, data interception is easier and company networks which were otherwise well secured become vulnerable. Moreover, most wearables arrive with software that is unique and difficult to update resulting in an ecosystem of dissimilar devices each with their own distinctive weaknesses, requiring tailored security adjustments.

The Fix?

There is, unfortunately, no one-fits-all solution to the security and privacy issues of our wearables, and besides, any solution today will be in need of updates and amendments tomorrow. But the future of wearables is by no mean a bleak one. Responsible designers and developers are accounting for today’s concerns with more robust security processes for the next generations of devices, and networks are already being restructured to guard against wearable Vulnerabilities.

Wang points to two attacking scenarios, internal and sniffing attacks, the first typically perpetrated through Malware and the second via wireless sniffers that eavesdrop on sensor data sent via Bluetooth. Solutions to such assaults include improved encryption between host operating systems and wearable devices, and the injection of “a certain type of noise to data so it cannot be used to derive fine-grained hand movements.” And for businesses keen to adopt BYOD policies, the implementation of channels outside of the company network specifically for wearable devices can ensure limited access to sensitive data.

Finding the middle ground between the benefits of wearable device usage and the vulnerabilities they introduce is likely to be a painstaking negotiation at first but the more policies defined and effected, the better networks are delineated, and the stronger wearable encryption and protection becomes, the easier the process will be and the greater our rewards.

By Jennifer Klostermann

Gary Bernstein

Infographic: The Data That Never Sleeps

Here’s What Happens Every Minute on the Internet in 2020 In 2020, the world changed fundamentally – and so did the data that makes the world go around. As COVID-19 swept the world, nearly every ...
Sangeeta Chhabra

What Accountants Should Know About The Cloud

Cloud Accounting Cloud technology has been at the top of the charts of new-age technologies for a long time now. Almost every industry in the world has started realizing its capabilities and integrating cloud strategies ...
Al Castle E911

Businesses Need E911 for Remote Employees

E911 for Remote Employees Remote working is no longer a luxury or a distant possibility – it’s the norm for enterprises around the world. The “trend” of telecommuting is not new; for example, the number ...
Garry Connolly

What’s Behind Smart Devices? A Data Centre, Of Course

Smart TV's, Smart Phones, What’s Behind Smart Devices? It’s not difficult to be “smart” these days. We wake up in the morning and check our social media feeds on our smart phone while turning on ...
Andrew Marsh Washington Frank

Why should SMEs embrace Cloud ERP solutions?

SMEs & ERP Solutions Remaining competitive in the market is the primary goal of every business. For SMEs, moving to the cloud can help that dream become a reality, and the tools it opens up ...
Mike Johnson

Data Transmission Travel Plans – From The Ground Up

Don’t Forget Networking The term “cloud” was first used by the telecomm industry in early schematics of the Internet to identify the various, non-specific uses data was put to at the end of their cables ...