Wearable technology: Security’s next dilemma?

Examining the benefits and potential shortfalls of next-generation communication devices

Thus, as with all desirable technology, there are tradeoffs.  In the case of wearables, convenience and mobility can come at the expense of security.  Many wearable devices can connect to the Internet via a Wi-Fi access point, leading to the possibility of data theft of personal information, including personal identification numbers (PINs) and passwords.  For example, if someone wears a pair of smart glasses while conducting a transaction at an automated teller machine, the PIN could be captured if the information stream is not appropriately encrypted.  Similarly, working at a personal computer while wearing smart glasses might be even more problematic since accessing a bank account or shopping online could lead to the theft of user identification, account numbers and passwords. 

Wearable technology could also be a boon for corporate and foreign government espionage, allowing hackers to view computer screens and gain access to private meetings.  The trend toward BYOD (bring your own device) in the workplace will only exacerbate the problem, since oversight by an enterprise IT department may be insufficient or lacking entirely.  This means that organizations must be active in taking precautions to prevent such intrusion.  Also, should a large number of individuals bring their wearables into a workplace environment, the indigenous wireless networks may become overloaded if plans are not made in advance to deal with the increasing data traversing the network. There are also hazards of viruses and other sorts of malware being spread among wearables, laptops, tablets, desktops and any other devices connected to the corporate network through Wi-Fi.  The recognition of the security risks posed by wearable devices may lead to restrictions on their use in certain environments.  It may well be the case that organizations utilizing sensitive or classified data may ban entirely the use of technology such as Google Glass.  Some federal laboratories have for years now prohibited visitors from carrying any electronic device while in the facility. 

It has been widely publicized that the federal government has the capability to monitor many types of electronic communications.  It is likely that the datastreams from wearable devices can also be subject to government monitoring under certain circumstances as well.  Participants at a conference held at the Federal Trade Commission in November, 2013 discussed questions related to the ownership of the data generated by wearable devices, where these data are stored, and if sufficient security measures were in place to assure that identifiable information about the user would not be used for malicious purposes.

On the positive side, the appropriate use of wearable technology could also lead to novel ways to gain secured access to controlled environments and devices.  The Nymi bracelet is a wearable authentication device that uses a person’s own electrocardiogram rhythm (unique to each individual) to validate their identity via a smartphone.  It uses three-factor authentication and cannot work without the combination of the unique heart rhythm, the wristband and a secured application on a registered smartphone.  While fingerprints can be easily detected and duplicated, that is not the case with an individual’s electrocardiogram.

Another, albeit simpler, device is the NFC Ring, which is typically used in applications where very close proximity is needed to maintain security.  In this instance, the read distance from the ring to the device is one millimeter, meaning that the device must effectively be touched.  This short read distance also prevents antennas from reading the information contained in the ring-mounted chip.  The developers state that the ring can be used for unlocking mobile phones, allowing access to doors that use NFC-supported door locks and even as a replacement for an automobile ignition button.  However, since physical security is the only security inherent in the device, the ring cannot be safely used for financial transactions.  If an ordinary door key is stolen the lock must be either re-keyed or replaced.  Similarly, if the ring is stolen the lock must be reprogrammed.  Still, since recent studies have indicated that most people do not even bother to lock their cell phones, whether it be by entering a PIN or creating a swipe pattern, the NFC ring could be a significant enhancement to the current complete lack of phone security.

The Motorola Skip for the Moto X phone also uses NFC technology via a small clip that pairs with the phone.  When the phone is tapped on the Skip it is unlocked.  If the Skip is lost it can be unpaired from the phone and replaced with a new one.  The phone will still unlock using a PIN.