Wearable Computing Equals New Security Risks

Have you thought about all the data thieves could steal from wearable gadgets? Security experts say this discussion is just starting.

Jeff Bertolucci, Contributor

January 13, 2014

4 Min Read
Will smartwatches like Pebble's Steel catch on as quickly as smartphones did?


10 Wearables To Watch At CES 2014

10 Wearables To Watch At CES 2014 (Click image for larger view and slideshow.)

Wearable computing hogged the spotlight at last week's CES 2014, as tech companies hyped smartwatches, fitness trackers, health monitors, and Google Glass-style optical headgear. While relatively few people are using these devices today, it's never too early to focus on the inevitable security and privacy concerns that wearable gadgets will bring with them.

According to Domingo Guerra, president and cofounder of Appthority, a San Francisco-based mobile app risk management service, the need for wearable and other mobile devices to interact and share data creates a new class of security and privacy risks.

"Being able to connect everything has advantages, but it also changes the risk parameters from what was possible before," said Guerra in a phone interview with InformationWeek.

If wearable gadgets follow a similar adoption cycle as smartphones and tablets, which were quickly embraced by consumers and enterprises, they'll almost certainly prove tempting targets to malware creators and data thieves, he said.

Factor in the promise of big data and the Internet of Things -- an interconnected digital universe of computer gadgetry sharing bits -- and there's potential for mobile misfortune on a global scale.

[Sensor-equipped objects and their networks will reshape your life, Cisco says. See CES 2014: Cisco's Internet of Everything Vision.]

A fitness tracker, for instance, may contain both personally identifiable information and sensitive health data. A few well-publicized privacy breaches involving these devices could lead to a sharper focus from governmental agencies on wearable security. Information transfers from wearables to insurance companies could lead to a big data dystopia that few consumers want.

"It's still early in the wearables space around healthcare, and right now a lot of the information may be just personal -- maybe sharing it among your family," said Guerra. "But as soon as that (data) starts being sent to a medical or insurance provider, which might offer discounts if you're healthy, and you exercise, and you're eating right, we're going to start seeing government involvement in the form of regulation."

One factor that may hamper the adoption of wearables is the current balkanization of the market.

"I think wearables need to embrace a (common) operating system, because otherwise they're too fragmented," he said. "Right now we see a million different types of watches and glasses, and pulse and heartbeat and exercise devices. Everything's fragmented. And unless these items can communicate and interact with each other -- unless there's a common platform -- they're not going to (achieve) mass adoption."

As with smartphones and tablets, apps will drive the wearables market, he believes.

"We see this now with both iPhone and Android. People don't buy a device, they buy something to play apps," he said. "So I think a lot of wearables will have to incorporate apps, and I think the Internet of Things in general will be powered by apps."

A world of data-sharing devices, however, has its drawbacks.

"Because they need to be highly integrated and connected, there are some security risks as well," noted Guerra. "From the perspective of security, we need to make sure we learn our lessons from what we saw with mobile."

One lesson might be to develop apps from the ground up with security in mind.

"Mobile exploded really quickly, and a lot of developers started building apps into the new ecosystems," said Guerra. "And that's kind of why it grew so fast, but security and privacy weren't always in the top of mind."

He added, "We shouldn't be surprised if wearables suddenly take off, and we should start planning ahead."

Jeff Bertolucci is a technology journalist in Los Angeles who writes mostly for Kiplinger's Personal Finance, the Saturday Evening Post, and InformationWeek.

Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant? Also in the The IPS Makeover issue of Dark Reading Tech Digest: Find out what our 2013 Strategic Security Survey respondents have to say about IPS and firewalls. (Free registration required.)

About the Author(s)

Jeff Bertolucci


Jeff Bertolucci is a technology journalist in Los Angeles who writes mostly for Kiplinger's Personal Finance, The Saturday Evening Post, and InformationWeek.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights