Wearable technology, such as Google Glass and the Samsung Galaxy Gear Smartwatch, is the latest tech trend. Everyone from college students to CEOs are clamoring for the gadgets, which seem reminiscent of something out of a superhero or spy film.
But despite their “cool” factor, wearable technology presents some security risks. Much like a computer or a smartphone, wearable devices allow you to access highly sensitive and personal data and networks. This functionality has security experts concerned about protection against cybercrime, both for the information accessed through the devices and the device’s capabilities in terms of data collection.
In the summer of 2013, Google Glass made headlines not just because it was finally sent out to a select group of testers, but also because in the first few weeks of release, a fatal security flaw was revealed. Researchers who were testing the device developed malware. This malware would identify malicious QR codes in photos taken by Glass and use the code to access websites without the user’s knowledge using any available Wi-Fi connection.
That particular security flaw was immediately rectified, but the incident did raise questions about the overall security of Google Glass and whether the device could compromise data and networks.
Another researcher discovered Google Glass has root capabilities, which can be launched by connecting the device to a computer and running a few commands. A device that has been rooted can then be controlled by a hacker — who can record everything you do while wearing it. This includes your passwords, anything you write down with pen and paper and numbers you enter on a keypad, which could grant a cybercriminal access to your secure accounts. Although Google Glass does have an indicator light to show the device is recording, the user cannot see the light while wearing the device and will probably not notice recording is taking place.
These are just a few of the security flaws users and researchers have identified with Google Glass. Security experts worry a hacked device could create serious security vulnerabilities, not to mention the low amount of security protocols in place. For example, there is no means of securing the device with a PIN, or any biometric security features that would allow only authorized users to use the device. There is also currently no means of installing security software on the device to prevent infection by dangerous malware.
Smartwatches do have some advantages in this regard, as they run on the same Android platform as smartphones, and can be locked using a PIN and protected by anti-malware programs. However, the risk of hacking is not the only concern security experts have about this technology.
Creating a Noncompliant Environment
One of the most talked-about features of Google Glass is the ability to take photos and real-time video with a simple voice command. When activated, the device will record any image the user sees — which could include sensitive information and data protected by federal laws. For example, someone using Glass in a health care facility could inadvertently record patient information without his or her consent, thereby putting the facility in violation of the law.
Smartwatches currently do not have the same video capture capabilities, but they can take photos and make voice recordings. And unlike Glass, which has the video recording indicator light, smart watches can record without anyone even realizing it. This also presents major challenges for security teams charged with protecting data and maintaining compliance.
Many enterprises are taking a close look at wearable technology and trying to determine the most responsible and secure ways to manage them. Some companies are considering all-out bans of Glass in the workplace, as it’s difficult to justify the need for the devices in the enterprise environment, especially given the current low level of security available.
Smartwatches, on the other hand, are proving harder to manage. The devices’ connectivity, easy hands-free calling and portability make them attractive to many professionals. Some IT departments are opting to treat smartwatches as they would any other device under BYOD policy, by requiring users to maintain adequate security protections, providing parameters for appropriate use and insisting on remote lock and wipe capabilities to protect networks. Still, the devices present challenges, particularly with its image and voice data collection capabilities, and there is still a long way to go toward fully securing wearable technology.
The growing interest in wearable technology means that it isn’t going away any time soon. Businesses cannot afford to ignore the trend, and must begin exploring their security policies and protocols now to be ready when employees begin to expect to use the devices at work.