Dubai: Growth in wearable devices is going to give hackers a new playground to play as the new trend is going to give access to huge amounts of data.
Android and IOS devices have the ability to track users’ movements. Every time a user signs up to a new service or app he tends to blindly tick the box, agreeing to the terms and conditions.
But who has ever read these? Often these terms and conditions grant the service provider the right to collect and use data, about how the service is used and any data volunteered. It is an exchange, one we often enter into unconsciously.
“Wearable devices are collecting information like where we are and what are our interests and this information is shared with third parties for advertisements to recommend products, so we are losing our privacy,” said Mohammad Amin Hasbini, senior security researcher, Global Research and Analysis Team (GReAT) at Kaspersky Lab Middle East.
He said that wearable devices communicate with the mobile devices through Bluetooth, a known protocol. We have seen in the past that many attacks happen through Bluetooth.
With bring your own device (BYOD) into the corporate environment is gaining traction across the world; he said that wearable devices pose major challenges to the IT industry.
There are chances that someone can manipulate the data remotely.
According to research firm International Data Corporation, the wearable devices market will reach a total of 19.2 million units in 2014, driven primarily by gadgets such as Fitbit and Jawbone bracelets.
Fitness bands monitor and capture information about users’ movement using GPS and can provide a malicious user with details about our daily routines and patterns as well as our current location.
“It is very hard to keep personal data completely confidential. One would think the more established the company the more trustworthy it is. But we know that by just using a mobile phone, our data will be collected,” said Tunde Cockshott, Creative Consultant at Amaze, a global digital marketing and technology agency.
Buying a product from Amazon means that our purchase history will be collected and used to target offers to us and to help sell to others. Companies may share or sell the data to third parties but usually you get the option to deny them this right.
“It comes down to evaluating. If the value you as an individual gain from sharing your data in terms of an improved service, is greater than the potential loss you may incur. This is a hard equation, but in order to use almost any digital service you need to have an account or travel through an intermediately service. In these cases, we ‘give away’ our online or digital behaviour,” Cockshott said.
eCommerce and eMarketing runs on a rich diet of data. The more you know about people, their preferences, habits, purchases etc, the more accurately you can “target them with products and services to which they may be responsive.”
The data can take two forms. Personal data, which can be directly tied back to the individual, and that which is aggregated with data from others. Personal data allows a company to market directly to a user, whereas the aggregated data allow brands to spot trends and common behaviours in a group of people. Both forms are valuable to the makers of the devices and third parties.
Companies will try to find ways of finding out our economic status and use social economic profiling to better understand our potential likes and dislikes. But this is only one part of the story.
“If we look at the work Google is doing with Google Now and Google Glass, it is building a new type of computer experience, based on anticipation. Google now collects data about the route you take to work, the time you leave, how you travel etc,” Cockshott said.
Since wearable devices are becoming a part of our lives and it is the trend, Hasbini said that consumers cannot stop the growing demand. That is the future and wearable devices are very likely to be used as a key to enter your car or your home or even it can be used as your ID in future.
As an extension of BYOD, Sean Newman, Security Strategy, Sourcefire said in a statement that businesses should already have information and network-security policies in place, to cover many of the concerns applicable to wearable technology.
Although most IT departments already have guidelines that address such issues as workplace social networking, safe computing and BYOD usage, wearable technology raises several questions for the further development of these standards.
However, despite the potential risks, Newman said the benefits of BYOD and wearable technology are often too strong to ignore. In order to retain control in this mobile world, IT security professionals must be able to see everything in their environment, so they can establish risk level and then secure it appropriately. For most enterprises, the right solution is to implement policies that clearly define the proper use of employee-owned devices in the enterprise and then have enough checks and controls in place to enforce those policies.
“At the end of the day, where IT security is concerned, there is no silver bullet and, as cyber criminals become ever more cunning, it is a major challenge for organisations to stay one step ahead. However, increasingly, it’s the way companies deal with hacking incidents when they actually occur that really matters,” Newman said.
Having smart plans in place to detect, prevent and, if necessary, remediate quickly can mean the difference between a minor technology hiccup and a full system meltdown.
“Hackers are very happy as it runs on the same operating systems in the market. The criminals can have full control of the devices. They can use the cameras on the smartwatches to monitor, take pictures and they can follow a user by using the GPS embedded into the device,” Hasbini said.
By the end of 2013, Kaspersky saw an increase in ransom ware where hackers take full control of your device and lock it. Hackers ask huge ransoms to unlock devices.
Hasbini urged consumers to be careful when installing apps on the device, especially Android apps. In the Android space, “we have seen more malicious applications.”
However, he said that many security solutions providers will soon come out with protective measures for wearable devices to safeguard from hackers.
