Wearable Device Security Concerns
Wearable Device Security – Over 300,000,000 wearable devices are going to be deployed in the next several years
Wearable Device Security – Janco Associates has determined that most mobile devices have some major vulnerabilities. They include:
- Insufficient User Authentication/Authorization: Many devices are vulnerable to account harvesting, meaning an attacker could gain access to the device and data via a combination of weak password policy, lack of account lockout, and user enumeration.
- Data Encryption Missing: Most devices have implemented transport encryption using SSL/TLS, but almost one half of all cloud connections are vulnerable to the POODLE attack, allow the use of weak cyphers, or still used SSL v2.
- Insecure Interfaces: Over 1/3 of smartwatches use cloud-based web interfaces, all of which have major security concerns. In addition there are security concerns with the devices mobile applications. These vulnerability enables hackers to identify valid user accounts through feedback received from reset password mechanisms.
- Software/Firmware Updates Not Secure: Firmware and software security issues, include transmitting updates without encryption and without encrypting the update files. On the plus side, most updates are signed to help prevent the installation of contaminated firmware. While malicious updates cannot be installed, lack of encryption allows the files to be downloaded and analyzed.
- Privacy Controls are missing: most wearable devices collect some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information. Given the account security issues and use of weak passwords on some products, exposure of this personal information is a concern.
The use of wearable devices that can capture and broadcast video, voice, data and location information is increasing at an accelerated rate
Janco addresses the security, privacy and reputation management issues for a world in which wearable devices have cameras, microphones, massive data storage and INTERNET connectivity
Wearable devices provide a variety of potential business or educational uses involving accessing, capturing and sharing data. At the same time they can pose a significant security risk to an organization with, the ability to surreptitiously record audio and video can threaten business confidentiality and jeopardize company data and even its reputation.
With that in mind, the consultants at Janco Associates have created a Wearable Device Policy that can be downloaded and used as a guideline for organizations as they establish rules for the use of such devices in the workplace.