7 Potential Security Concerns for Wearables

leadership team img1

By Michelle Drolet

Founder & CEO

Ms. Drolet is responsible for all aspects of business for Towerwall. She has more than 24 years of,

Read More

Is your organization safe from all these connected devices?

Wearables are rapidly invading the workplace in much the same way that smartphones did. Fitness trackers, smartwatches, head-mounted displays and other new form factors are beginning to capture the public imagination. Sales of wearable electronic devices topped 232 million in 2015, and Gartner forecasts they’ll rise 18.4% this year, when another 274.6 million devices are sold.

These wearable devices represent some appealing opportunities for businesses to increase efficiency and gather data, but in the rush to win market share, security concerns are taking a backseat for many manufacturers and app developers. The potential ramifications of unchecked wearable device usage within the enterprise are alarming.

1. Easy Physical Access to Data

The fact that many wearables store data on the local device without encryption is a real issue. There’s often no PIN or password protection, no biometric security and no user authentication required to access data on a wearable. If it falls into the wrong hands, there’s a risk that sensitive data could be accessed very easily.

2. Ability to Capture Photos, Videos and Audio

The kinds of discreet abilities that many modern wearable devices have in terms of video and audio surveillance surpass high-end spy gear from just a few years ago. It’s easy for someone to surreptitiously take photographs or record video or audio files using something like a smartwatch or smart glasses. Covert capture of confidential information, and videos and images of sensitive areas, is a very real possibility.

3. Insecure Wireless Connectivity

The fact that wearable devices tend to connect to our smartphones or tablets wirelessly using protocols such as Bluetooth, NFC and Wi-Fi creates another potential point of entry. We may have Bluetooth on our smartphones turned on all the time now so they can sync with the wearable, but what else could be connecting? Many of these wireless communications are insufficiently secure to guard against a determined brute-force attack. The first step for securing networks is simply to get visibility on how many connected devices there are. One-third of the organizations surveyed by AT&T recently revealed they have more than 5,000 connected devices.

4. Lack of Encryption

We already mentioned the lack of encryption on many wearable devices, but there are also serious issues with data in transit when it’s being synced and with data being stored on manufacturer’s or service provider’s cloud servers. Some third-party apps neglect basic security standards and send or store information that’s not encrypted. The kind of data that’s automatically being collected by wearables is very valuable to the right people.

5. No Regulation or Compliance

Because many of the security issues around wearables really have to be addressed by the manufacturers, the issue of whether they’ll self-regulate or be bound by government regulations is an important one. In either case, companies suffering a data breach that breaks compliance or regulatory requirements for their specific industry will not be able to shift the blame onto wearables. They’ll still be held fully accountable. Ignorance of wearable device security and manufacturer or third-party app policy is no defense.

6. Patching and Vulnerabilities

Many wearables run their own operating system and applications. As wearable devices become more common, they’ll also become bigger targets for hackers. The same principles that apply to keeping the software on your desktops, laptops, smartphones and tablets fully patched and up to date to avoid the latest vulnerabilities also apply to wearables. But there’s a lack of insight and policy to cater for this issue right now.

7. Current MDM Policies Don’t Cover Wearables

We can’t assume that MDM (mobile device management) systems developed to deal with the BYOD trend can also cater to this influx of wearables. For the sake of convenience, mobile platforms generally make it easy to share data between apps and devices. Because wearables work differently from smartphones, there are many unforeseen circumstances where they pose new security risks. Banning or restricting features is not a sound long-term strategy, so companies need to rethink policies, draft new plans and employ new services to deal with mobile device management.
The security challenge with wearable devices is by no means insurmountable, and the wearable trend will undoubtedly be a real boon for many industries, but it’s important that the enterprise starts to treat it more seriously. Cisco predicts there will be more than 600 million wearable devices in use by 2020.
We need a plan to make sure they’re safe and secure.

This article was recently published in Network World.
Image courtesy of Cutcaster.