Big Data // Big Data Analytics
News
1/13/2014
11:14 AM
Connect Directly
Google+
RSS
E-Mail
50%
50%

Wearable Computing Equals New Security Risks

Have you thought about all the data thieves could steal from wearable gadgets? Security experts say this discussion is just starting.

 alt=
10 Wearables To Watch At CES 2014
(Click image for larger view and slideshow.)

Wearable computing hogged the spotlight at last week's CES 2014, as tech companies hyped smartwatches, fitness trackers, health monitors, and Google Glass-style optical headgear. While relatively few people are using these devices today, it's never too early to focus on the inevitable security and privacy concerns that wearable gadgets will bring with them.

According to Domingo Guerra, president and cofounder of Appthority, a San Francisco-based mobile app risk management service, the need for wearable and other mobile devices to interact and share data creates a new class of security and privacy risks.

"Being able to connect everything has advantages, but it also changes the risk parameters from what was possible before," said Guerra in a phone interview with InformationWeek.

If wearable gadgets follow a similar adoption cycle as smartphones and tablets, which were quickly embraced by consumers and enterprises, they'll almost certainly prove tempting targets to malware creators and data thieves, he said.

Factor in the promise of big data and the Internet of Things -- an interconnected digital universe of computer gadgetry sharing bits -- and there's potential for mobile misfortune on a global scale.

[Sensor-equipped objects and their networks will reshape your life, Cisco says. See CES 2014: Cisco's Internet of Everything Vision.]

A fitness tracker, for instance, may contain both personally identifiable information and sensitive health data. A few well-publicized privacy breaches involving these devices could lead to a sharper focus from governmental agencies on wearable security. Information transfers from wearables to insurance companies could lead to a big data dystopia that few consumers want.

"It's still early in the wearables space around healthcare, and right now a lot of the information may be just personal -- maybe sharing it among your family," said Guerra. "But as soon as that (data) starts being sent to a medical or insurance provider, which might offer discounts if you're healthy, and you exercise, and you're eating right, we're going to start seeing government involvement in the form of regulation."

Will smartwatches like Pebble's Steel catch on as quickly as smartphones did?
Will smartwatches like Pebble's Steel catch on as quickly as smartphones did?

One factor that may hamper the adoption of wearables is the current balkanization of the market.

"I think wearables need to embrace a (common) operating system, because otherwise they're too fragmented," he said. "Right now we see a million different types of watches and glasses, and pulse and heartbeat and exercise devices. Everything's fragmented. And unless these items can communicate and interact with each other -- unless there's a common platform -- they're not going to (achieve) mass adoption."

As with smartphones and tablets, apps will drive the wearables market, he believes.

"We see this now with both iPhone and Android. People don't buy a device, they buy something to play apps," he said. "So I think a lot of wearables will have to incorporate apps, and I think the Internet of Things in general will be powered by apps."

A world of data-sharing devices, however, has its drawbacks.

"Because they need to be highly integrated and connected, there are some security risks as well," noted Guerra. "From the perspective of security, we need to make sure we learn our lessons from what we saw with mobile."

One lesson might be to develop apps from the ground up with security in mind.

"Mobile exploded really quickly, and a lot of developers started building apps into the new ecosystems," said Guerra. "And that's kind of why it grew so fast, but security and privacy weren't always in the top of mind."

He added, "We shouldn't be surprised if wearables suddenly take off, and we should start planning ahead."

Jeff Bertolucci is a technology journalist in Los Angeles who writes mostly for Kiplinger's Personal Finance, the Saturday Evening Post, and InformationWeek.

Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant? Also in the The IPS Makeover issue of Dark Reading Tech Digest: Find out what our 2013 Strategic Security Survey respondents have to say about IPS and firewalls. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
msangha
50%
50%
msangha,
User Rank: Strategist
1/16/2014 | 12:46:37 PM
Security and wearable tech
The feds were so concerned about the pacemaker for Dick Cheney, they had to encrypt it with their own encryption. Security for devices in the new world of "internet of things" (IeT) is not completely worked out and the devices are ready to explode onto the market. Quite concerning. For more on wearable tech, check: http://tinyurl.com/n8lsl69
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
1/15/2014 | 4:07:39 PM
Re: Building security in
Skimming data out of apps on wearables is certainly going to be a challenge. My more immediate concern, though, would be about data that is seen by someone wearing a Google Glass type of product. Right now, there are businesses I visit where I have surrender my phone because it has a camera. What happens when computing is seamlessly built into my glasses? My glasses save everything I see. That's a security nightmare.
WKash
50%
50%
WKash,
User Rank: Author
1/13/2014 | 6:46:59 PM
Building security in
To  your point: "One lesson might be to develop apps from the ground up with security in mind."  That's the right approach but one imagines the race to market a winning product, and/or find the killer app, will likely mean that, as with most emerging technologies, security inevitably gets a seat at the rear of the bus, if at all.

 
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Author
1/13/2014 | 5:42:44 PM
A common OS?
With so many devices coming, it seems wearables are destined to be fragmented. How would this "common operating system" for wearables manifest itself? Can we possibly expect all of them to run Android?
Laurianne
50%
50%
Laurianne,
User Rank: Author
1/13/2014 | 3:33:29 PM
Wearables security
The fragmentation point is important. Look at the Android phone upgrade situation today. Will wearables be any less messy?
Whoopty
IW Pick
100%
0%
Whoopty,
User Rank: Ninja
1/13/2014 | 12:38:53 PM
More of the same
There might be more security risks with wearables, but it's the same sort of ones we have already. Snooping data between devices or from them will open up new concerns - how about robbing people when they've just finished a workout and can't chase you? - but ultimately as long as we focus on making sure that data isn't freely given to every app, regardless of its own security, we'll be a lot better off. 
6 Tools to Protect Big Data
6 Tools to Protect Big Data
Most IT teams have their conventional databases covered in terms of security and business continuity. But as we enter the era of big data, Hadoop, and NoSQL, protection schemes need to evolve. In fact, big data could drive the next big security strategy shift.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek - September 2, 2014
Avoiding audits and vendor fines isn't enough. Take control of licensing to exact deeper software discounts and match purchasing to actual employee needs.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.