Wearables IoT – Security, Privacy and Safety Concerns

Wearables IoT – Security, Privacy and Safety Concerns

Internet of Things or IoT has become a very hot topic nowadays for consumers and businesses alike. Some claim that IoT will totally transform how people use the internet and computer networking in the next decade or century. Current predictions estimate that by 2020, there will be over 20 billion connected devices, thus creating a huge potential for IoT to impact our lives in an innumerable number of ways.

Related: The State of Internet of Things in 6 Visuals

What is the IoT?

IoT represents the fundamental idea where network devices can sense, collect data and then transfer the data online where it is then processed and used for several interesting purposes. This new technology can offer an important advantage to gaining better efficiencies and creation of innovative business models.

Wearables and Their Impact on Our Lives

Wearable devices, better known as wearables, are at the heart of IoT implementation. Functions related to security and identification are already using wearables. You might not consider your work badge as a high-tech wearable device, yet it offers security and identification features beneficial in the workplace. Badges can even be enhanced to included abilities for sensing the exact location of employees, which is important during emergencies.

Fitness oriented wearables that provide biometric measurements like perspiration levels, heart rates, and also complex measurements such as the amount of oxygen in the blood are becoming available. Future technology advancements can even allow for measurements of alcohol levels via wearable devices. The capability of sensing, storing and tracking biometric measurements for some time and then analysing the results, is one very interesting possibility. For instance, tracking body temperature may provide early indications of flu or cold.

Related: A Smart Mouthguard Wearable That Could Save Your Life?

Device Mesh

The examples listed above could all have the central device like a smartphone for controlling and delivering these features. However, this is not really the most effective approach. It would be much better if IoT devices could interact and exchange data directly without requiring the smartphone to certify all the transactions your wearables intend to make.

A more effective model would be that your phone can set up several operation modes that you want, and also the appropriate levels of privacy. Once you have set up the strategy of communication, all your smart devices can communicate with each other in the ways you’ve allowed.

Smart Home Security

Wearable devices can also be given the permission to connect to the electronic devices in your house too. Maybe you prefer a certain lighting level as you watch TV.

Determining where there are vulnerabilities across several smartphone OS types pales when compared to tracking thousands of distinctive sensors, meters, cameras, machines and other controllers.

By simply turning on the television, your wearable will automatically adjust to the preferred lighting level. A smart house may even offer automatic blocking of light from a window that was creating glare or blurred view of the television. Even the television itself could be optimised for creating a great viewing experience and energy saving.

All these handy interactions could be performed automatically, between your smart devices, once you have input the overall communication strategy through a computer or smartphone interface.

Relevant: Best Home Automation UK – A Detailed Comparison

Risks involved with using wearables

Despite providing great benefits and conveniences for our lives, there are some significant risks involved with wearables. To better understand these risks, here is a sample from what tech leaders in the sector are saying with regards to wearable usage and its security implications:

1. Wearables are secretly jeopardising privacy and security according to TechRepublic

Techrepublic The dark side of wearables How they're secretly jeopardizing your security and privacy

via techrepublic.com

TechRepublic recently published an article detailing the darker side of using wearables. One of their contributors, Teena Hammond, states that consumers are unknowingly exposing themselves to possible security breaches as well as ways that personal data might be used by organisations with consumers ever knowing. We are entering a world where every detail is documented and catalogued, and governments and companies will be basing their decisions on a person’s data trail. Thus, privacy protection is very important if we are to be considered as individuals, rather than just data points.

The main reason behind possible security breaches in IoT wearables is due to the very high value of personal data. Information that your wearable device collects and stores locally on your phone or the cloud is much more valuable than your credit card details. Credit card breaches are very easy to deal with; just a simple cancellation of what was done during the breach. A very short lifespan in the black market.

However, information collected on wearables does not go away. It is impossible to change personally identifiable data like date of birth and social security details. With health data, security breaches pose even a greater risk.

The article states that the main problem with securing wearables is that most producers are in a rush to get their products to the market. When companies are only interested in getting their products ready as fast as possible, they are essentially producing extremely vulnerable devices. Even if they supply security patches afterward, you cannot expect all users to keep updating their devices.

To reduce these risks, the article suggests that companies build security and privacy in their development process. This will help with fixing future errors, doing investigations and also dealing with industry regulators.

2. WT VOX believes wearables trigger shocking security risks

WTVOX Internet Of Things And Wearable Devices Trigger ‘Alarming’ Security Risks

via wtvox.com

In an article on the WT VOX website, the results of an investigation by HP into popular wearable devices is discussed. The devices included webcams, sprinkler controllers, door locks, home alarms and home thermostats among other common wearable devices. Out of the total ten devices that HP investigated, eight triggered key privacy concerns by failing to demand passwords of adequate length and complexity, while still presenting a risk of data interception through cloud services.

Generally, 70% of the wearables were deemed highly vulnerable to hacking. Some of the greatest points of weakness discovered in the investigation include:

  • Insufficient authorisation
  • Privacy concerns
  • Insufficient software protection
  • Insecure web or cloud interface
  • Lack of sufficient transport encryption

3. Symantec has also analysed the security risks of wearables

Symantec _istr20_annual_report_IoT security

via symantec.com

The recent Symantec Internet Security Threat Report Vol. 20 discovered that the hacking risks of IoT devices have increased greatly, possible due to how smartphones are used as the controlling point. Symantec discovered that in 2014, 52% of health applications, most of which have connectable wearable devices, did not have privacy policies in place. Furthermore, 20% of the health apps used clear text to send personal information, passwords, and logins.

According to Symantec, consumer wearables are not the only ones being attacks, as differing industries that use IoT are also under attack. In 2014, a pipeline explosion that occurred in Turkey was found to be caused by cyber-attacks. Besides financial gain, criminals are also intent on destroying a company’s brand image or simply to prove vulnerabilities.

Symantec notes that security needs to be inclusive and comprehensive, rather than an added feature. Security programs must be built into the devices for better protection. With the rising number of wearables and other IoT devices, security concerns are also going to increase significantly, and Symantec is in a unique position to share cyber security intelligence on quickly evolving threats.

4. Computerworld suggests that wearable computers have an array of hidden dangers

Computerworld Jaikumar Vijayan 7 hidden dangers of wearable computers

via Computerworld.com

Jaikumar Vijayan of Computerworld has listed a couple of key security concerns of wearable devices. The list includes vulnerabilities of life-blogging tools, embedded or wearable medical devices, cop cams, smart clothing, smart watches and fitness bands. The article highlights the major uses of these wearable devices and how they could be compromised.

Life-blogging tools are essentially wearable cameras that are GPS-enabled and allow people to document every moment of their day and share. The tiny cameras are always on and are specifically designed to repeatedly capture thousands of photographs a day. The obvious threat is that even though these cameras can create detailed journals of a person’s life, they essentially invade the privacy of other people being photographed without their permission or knowledge.

For wearables in the health sector, their wireless feature poses a great risk. For instance, someone could easily hack a patient’s insulin pump and deliver a lethal dose. Another research has discovered how having poorly secured pacemakers offers exploitation opportunities where a hacker can send a fatal shock to a person wearing the medical device.

The IoT Security Situation Today

Device producers are concerned since no one wishes their equipment was involved in any network intrusion. However, there is an even bigger security concern today. You have new devices coming into an existing network, and these devices will be interconnected, thus creating possible entry points. Organisations are constantly concerned about the availability of unsecured wireless access points in their IT infrastructure. Thus, they would not be too eager to see an inward bound horde of interconnected IoT devices offering unsafe endpoints.

Challenges of a Device Mesh

The sheer magnitude of IoT justifiable flaws causes anxiety for many network administrators, and it also merges with another essential challenge that complicates the provision of effective security solutions – the presence of a large number of types of wearable devices – a device mesh.

Unfortunately, many wearables will likely never get any updates from their manufacturers, so patches are not going to help address the emerging threats.

There are so many different capabilities, different generations, different uses and different vendors of wearable devices in the market today, which, of course, makes achieving security more challenging. You can consider the fact that today we currently have malware and spyware, but in future we are going to have specific viruses facing the IoT devices.

Determining where there are vulnerabilities across several smartphone OS types pales when compared to tracking thousands of distinctive sensors, meters, cameras, machines and other controllers.

Besides the management of many interconnected things, IoT security will also involve lots of connection methodologies and protocols. That becomes nightmarish because you must support all these connected things, and you need to read every security bulletin and stay up to date on all vulnerabilities that happens in all the different types of wearables.

Unfortunately, many wearables will likely never get any updates from their manufacturers, so patches are not going to help address the emerging threats.

How Can We Protect Ourselves?

iot security privacy wearablesFor businesses, traditional network security approaches must be reconsidered before an organisation deploys any IoT program. Realise that there is no single firewall product that is going to solve this issue. Rather, businesses need to familiarise themselves with security solutions that are designed specifically for IoT challenges.

Separating IT and IoT

Since firewalls might not be effective in IoT traffic, a new approach must be considered. Ultimately, security administrators may even decide on putting wearables on completely different networks, thus separating IT and IoT devices. When a hacker compromises one network, it will not allow easy accessibility to the other.

While this might sound like an extreme protection strategy, but in matters that concern important data, the business must perform risk assessments to ascertain the appropriate network separation level. Staying updated with evolving improvements in IoT security and vulnerability assessments will be crucial too.

Health Issues

What if the device stops working or sends the wrong data? Bodily injury is another issue that wearables manufacturers have to plan for. Malfunctioning devices may cause illness, injuries and even the loss of life of patients or wearers.

In such cases, the device manufacturers can face product liability lawsuits. The following strategies may help in protecting against risks related to bodily injury:

  • extensive testing during production,
  • conducting a better hazard analysis,
  • planning for mitigation,
  • developing clear use and safety instructions
  • and evaluating adherence to and awareness of key standards.

Other Solutions

Other than that, it advisable for anyone using any kind of wearable technology to sign up and utilise one of the many software and hardware solutions engineered to mitigate the vulnerability of these devices. A good example is the Cujo handheld and portable anti-hacking module.

Related: Interview with Einaras Gravrock from CUJO Smart Security Device

With such a device, you can centralise and encrypt all communication networks surrounding all your smart wearable devices making any it virtually impossible to hack or remotely control the device (s) in question. Yes, it might cost a bit extra to do this, but as you will soon realise, you could be averting the potential loss of a lot of money or even life.

If everything fails, at least ensure you are ready for possible security breaches. Always have a good exit plan ready, a way to secure data quickly and render any compromised information useless without damaging the IoT infrastructure. Furthermore, it is necessary that everyone involved, including employees and customers, is properly educated about the possible security breaches. Provide instructions on how to tackle these breaches, and also how to prevent them.

Related: The Importance of Being Unplugged: Why it’s Good to Occasionally Disconnect

In Conclusion

The technology behind Internet of Things (IoT) assumes that related technology and underlying network devices can operate automatically and intelligently. Even if security experts addressed all the security concerns related to wearables, people have increasingly become too dependent on this kind of automation. Since this technology has yet to be made resilient, any technical malfunctions can result in physical injury and financial damages.

Thus, even with the hype surrounding wearables continuing to rise, especially with the unlimited possibilities that IoT creates, sobriety is vital to ensure that manufacturers are designing their devices with security in mind and consumers are more cautious about wearables.

Either way, it is the hope of the average consumer who relies on such devices that tech experts will close the various loopholes surrounding IoT technology as soon as possible.




There are 2 comments

Add yours

Post a new comment