Negotiating Wearable Device Security

78shares

Wearable Device Security

Recent studies have highlighted gaps in security and privacy created by wearable technology, with one report by the US Department of Health noting that many of the new devices available which “collect, share and use health information are not regulated by the Health Insurance Portability and Accountability Act (HIPAA).” With personal information collected and shared more than ever, regulations managing the security and privacy of such data have a hard time keeping up with the potential risks and this particular report suggests, “To ensure privacy, security, and access by consumers to health data, and to create a predictable business environment for health data collectors, developers, and entrepreneurs to foster innovation, the gaps in oversight identified in this report should be filled.” Pertinent questions, however, remain. Who is responsible for ensuring adequate privacy and security concerns are addressed? And precisely where are all of these gaps?

Widespread Concerns

Concerns aren’t only for the vulnerability of health data, though it should be understood that much of this information is highly sensitive and necessarily requires the provision of first class security measures. Research from Binghamton University and the Stevens Institute of Technology has pointed to the potential for wearable devices to leak passwords. Using data from wearable tech sensors including smartwatches and fitness trackers, researchers were able to crack pins on a first attempt 80% of the time. Of course, some might shrug and suggest they care very little if hackers have access to how many steps they’ve taken on any particular day, but let’s not forget the data available to anyone who cracks the code of a smartwatch, nor how many of us reuse pins across devices. Says Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University, “Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks, and keypad-controlled enterprise servers. The threat is real, although the approach is sophisticated.”

Business Adoption of Wearable Tech

A range of benefits exists for the adoption of wearable tech within companies, including improved productivity, better employee safety, and enhanced customer engagement. However, the security concerns of wearable tech are as, if not more, pronounced as those which exist in personal environments. network security, in particular, is put under strain with the appropriate configuration of an organization’s network being a key fortification. Because many of the wearable devices we’re using today have poor or no encryption, data interception is easier and company networks which were otherwise well secured become vulnerable. Moreover, most wearables arrive with software that is unique and difficult to update resulting in an ecosystem of dissimilar devices each with their own distinctive weaknesses, requiring tailored security adjustments.

The Fix?

There is, unfortunately, no one-fits-all solution to the security and privacy issues of our wearables, and besides, any solution today will be in need of updates and amendments tomorrow. But the future of wearables is by no mean a bleak one. Responsible designers and developers are accounting for today’s concerns with more robust security processes for the next generations of devices, and networks are already being restructured to guard against wearable Vulnerabilities.

Wang points to two attacking scenarios, internal and sniffing attacks, the first typically perpetrated through Malware and the second via wireless sniffers that eavesdrop on sensor data sent via Bluetooth. Solutions to such assaults include improved encryption between host operating systems and wearable devices, and the injection of “a certain type of noise to data so it cannot be used to derive fine-grained hand movements.” And for businesses keen to adopt BYOD policies, the implementation of channels outside of the company network specifically for wearable devices can ensure limited access to sensitive data.

Finding the middle ground between the benefits of wearable device usage and the vulnerabilities they introduce is likely to be a painstaking negotiation at first but the more policies defined and effected, the better networks are delineated, and the stronger wearable encryption and protection becomes, the easier the process will be and the greater our rewards.

By Jennifer Klostermann

Jennifer Klostermann

Jennifer Klostermann is an experienced writer with a Bachelor of Arts degree majoring in writing and performance arts. She has studied further in both the design and mechanical engineering fields, and worked in a variety of areas including market research, business and IT management, and engineering. An avid technophile, Jen is intrigued by all the latest innovations and trending advances, and is happiest immersed in technology.

THOUGHT LEADERS

Ditching the Third Party: Enabling Privacy and Personalization with AI-ready Data

Enabling Privacy and Personalization Most businesses today rely on data collected online to better understand their customers and deliver more personalized products, services and experiences. These insights can be transformative for an organization, especially when ...

AI-powered identity verification: what businesses need to know in 2023

AI-powered identity verification Even if you don’t want to admit it, doing business online in today’s environment poses a greater risk. Criminals are constantly on the lookout for vulnerabilities to exploit, including hacking, data breaches, ...

How to Enable Successful Remote Work Strategy with AI

How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...

Sustainable Solutions for the Data Center: Net Zero Emissions Designs

Net Zero Emissions Designs Sustainability has become an increasingly frequent topic of discussion for data center operators, with many pledging to be carbon-free as soon as 2030. But are these commitments a response to the ...

The Need for Experts Goes Beyond AI

The Need for Experts The explosion in AI technologies has brought with it clear concern that easy answers and intelligent copywriting are now the domain of machines. This has led to the question of whether ...

Get Smarter

Whether you're just starting out in the online industry or looking to take your skills to the next level, Get Smarter eLearning platform is the perfect choice for you. Sign up today and start your journey towards online success!

Use code LEARN15 to enjoy 15% off all courses.