Are Your Wearables Fit to Secure You? Researchers Outline 3 Attack Surfaces

wearables-security-attack-surfaces-iot

Every year, Black Hat Asia gathers security researchers and enthusiasts alike to demonstrate how technologies and applications can be improved. Last year, researchers delved into vulnerabilities and exploits that affected devices on the internet of things (IoT). This year is no different, as the conference has brought forth more hacks and concerns around the IoT. And one affected field in particular may be a little too close for comfort: wearables.

Wearable technologies include devices that are worn on the body as accessories or implants, reliant on apps for configuration and interfacing, and powered by sensors that gather information from their immediate surroundings for relaying to the cloud for storage and analysis. Since wearables are often used to track users’ vital signs or data related to health and fitness, security issues have usually swirled around their data collection and treatment of user privacy. Now researchers have further illustrated attack scenarios involving wearables on three primary attack surfaces: the device, the app, and the cloud — all with underlying issues on device development and security implementation.

[READ: 2018 Security Predictions: Biohacking via wearables and medical devices]

Intel’s Sports Group security research manager, Kavya Racharla, and Deep Armor’s founder and CEO, Sumanth Naropanth, explain how typical wearable devices are developed in just six months, from planning to rollout, which could mean not leaving much room for security assessments. Racharla says that some wearables are able to store voice prompts in plain text, that is, if the prompt includes a user’s name, it’s in plain text, too.

[Related article: Are You Ready for Wearable Devices?]

Moreover, wearables often share data with several apps, for recording data, controlling music, sending messages, or some other purpose. If Bluetooth comes into play, there’s the potential of information leakage or malware infection dedicated to hijacking the Bluetooth feed from the wearables. These security concerns already assume that wearable developers have applied encryption and proper Bluetooth implementation.

The cloud, for its part, is where many wearables store data and perform analysis on user activity. Exposing the data to single out a wearable device is one of the crucial risks. Naropanth adds that there are circumstances where a single wearable device has been rebranded by other companies, with all data stored in a single database.

Securing wearables and other connected devices

As more manufacturers go to market with devices that come with a wide array of functionalities, excited buyers might not be able to assess the potential hazards to their security. It is the responsibility of manufacturers to incorporate security into their development cycles so that device integrity and user privacy are prioritized. This would entail having risk assessment teams even from the conception phase.

Since wearables can also be operated through smartphone apps, it is important to secure mobile apps and devices, by performing such steps as updating the firmware to the latest version and refraining from using third-party apps.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.