Wearable technology: Security’s next dilemma?

Dec. 12, 2013
Examining the benefits and potential shortfalls of next-generation communication devices

Wearable technology is generally considered to include clothing and accessories that incorporate computers or other electronic components (in contrast to implantable technology such as pacemakers, insulin pumps and bionic eyes).  Perhaps the first type of wearable electronic technology was the calculator wristwatch developed in the 1970s.  In the 1990s, the focus shifted to wearable computers.  While a plethora of devices were developed, virtually none succeeded in the commercial marketplace.  At that time, the available technology could simply not support the expectations that developers had in mind.  Compared to today, computer processors consumed significant amounts of electrical power and were relatively slow, displays had low resolution and batteries were large and short-lived.

In a series of recently published reports, however, Juniper Research predicts that the market for wearable devices will exceed $1.5 billion in 2014.  IHS predicts that the number of wearable devices used over the next two years will rise from 14 million to 200 million and ABI Research estimates that this number will more than double to 485 million by 2018.  These include devices used in healthcare, military applications and in the general consumer marketplace.  The latter encompass monitors for physical activity and heart rate, smart watches, remote controls and augmented displays on contact lenses.

Currently, most wearable devices are sports and activity trackers such as the Instabeat, a waterproof heartbeat monitor mounted on swim goggles that measures the swimmer’s pulse or theFitBit Flex, which measures the number of steps taken, the distance walked and the number of calories burned in a day. The LarkLife band similarly monitors physical activity and, in combination with a smartphone, can log what has been eaten, provide nutrition coaching and also serve as a silent alarm clock to wake the user with a vibration pattern.

The miniaturization of electronic components is advancing rapidly and Motorola has recently submitted a patent application for tattoos that act as microphones for smartphones. The tattoo would be placed on the throat and includes a microprocessor and battery.  It could communicate with phones, computers or gaming devices wirelessly.  A similar tattoo, but removable and placed on the wrist or arm, has already been demonstrated by Motorola as an authentication device for phone and tablet computers.

Wearable technology has also become the link between humans and the machines that they wish to control.  For example, Thalmic Labs has introduced the Myo Armband which detects both muscle activity and motion.  Once paired with devices via Bluetooth 4.0 Low Energy, it can be used to control a variety of devices ranging from screen presentations to games to computers. 

Professor Babak Parviz in 2011, then at the University of Washington in Seattle, reported work on contact lenses that could project emails or augment sight with computer-generated images.  Since that time, he has joined Google and developed what has become known as Google Glass - Internet-connected eyeglasses that can take still photos and video, record sound, and project emails to the wearer.  But the technology allows video and audio recording to be accomplished without anyone other than the user being aware that it is being done.  Since the data recorded using Google Glass is stored in a user’s Google+ account, they are available and searchable at any point in the future.  Without a password or PIN (which the Google prototype does not currently possess) it would theoretically be possible for an intruder to connect to the device and download personal information.

Thus, as with all desirable technology, there are tradeoffs.  In the case of wearables, convenience and mobility can come at the expense of security.  Many wearable devices can connect to the Internet via a Wi-Fi access point, leading to the possibility of data theft of personal information, including personal identification numbers (PINs) and passwords.  For example, if someone wears a pair of smart glasses while conducting a transaction at an automated teller machine, the PIN could be captured if the information stream is not appropriately encrypted.  Similarly, working at a personal computer while wearing smart glasses might be even more problematic since accessing a bank account or shopping online could lead to the theft of user identification, account numbers and passwords. 

Wearable technology could also be a boon for corporate and foreign government espionage, allowing hackers to view computer screens and gain access to private meetings.  The trend toward BYOD (bring your own device) in the workplace will only exacerbate the problem, since oversight by an enterprise IT department may be insufficient or lacking entirely.  This means that organizations must be active in taking precautions to prevent such intrusion.  Also, should a large number of individuals bring their wearables into a workplace environment, the indigenous wireless networks may become overloaded if plans are not made in advance to deal with the increasing data traversing the network. There are also hazards of viruses and other sorts of malware being spread among wearables, laptops, tablets, desktops and any other devices connected to the corporate network through Wi-Fi.  The recognition of the security risks posed by wearable devices may lead to restrictions on their use in certain environments.  It may well be the case that organizations utilizing sensitive or classified data may ban entirely the use of technology such as Google Glass.  Some federal laboratories have for years now prohibited visitors from carrying any electronic device while in the facility. 

It has been widely publicized that the federal government has the capability to monitor many types of electronic communications.  It is likely that the datastreams from wearable devices can also be subject to government monitoring under certain circumstances as well.  Participants at a conference held at the Federal Trade Commission in November, 2013 discussed questions related to the ownership of the data generated by wearable devices, where these data are stored, and if sufficient security measures were in place to assure that identifiable information about the user would not be used for malicious purposes.

On the positive side, the appropriate use of wearable technology could also lead to novel ways to gain secured access to controlled environments and devices.  The Nymi bracelet is a wearable authentication device that uses a person’s own electrocardiogram rhythm (unique to each individual) to validate their identity via a smartphone.  It uses three-factor authentication and cannot work without the combination of the unique heart rhythm, the wristband and a secured application on a registered smartphone.  While fingerprints can be easily detected and duplicated, that is not the case with an individual’s electrocardiogram.

Another, albeit simpler, device is the NFC Ring, which is typically used in applications where very close proximity is needed to maintain security.  In this instance, the read distance from the ring to the device is one millimeter, meaning that the device must effectively be touched.  This short read distance also prevents antennas from reading the information contained in the ring-mounted chip.  The developers state that the ring can be used for unlocking mobile phones, allowing access to doors that use NFC-supported door locks and even as a replacement for an automobile ignition button.  However, since physical security is the only security inherent in the device, the ring cannot be safely used for financial transactions.  If an ordinary door key is stolen the lock must be either re-keyed or replaced.  Similarly, if the ring is stolen the lock must be reprogrammed.  Still, since recent studies have indicated that most people do not even bother to lock their cell phones, whether it be by entering a PIN or creating a swipe pattern, the NFC ring could be a significant enhancement to the current complete lack of phone security.

The Motorola Skip for the Moto X phone also uses NFC technology via a small clip that pairs with the phone.  When the phone is tapped on the Skip it is unlocked.  If the Skip is lost it can be unpaired from the phone and replaced with a new one.  The phone will still unlock using a PIN. 

What once may have considered to be a passing fad, wearable technology, like smartphones, will likely become an integral part of most people’s lives in the next few years.  Individual devices must meet the test of the marketplace and public acceptance but the concept is here to stay and the security community would be well advised to adapt to the security concerns that arise and take advantage of the security enhancements that such technology will bring.

About the Author: Dr. Steven Hausman is President of Hausman Technology Presentations and Consulting (www.HausmanTech.com).  He speaks professionally and conducts briefings on a wide array of topics related to technology, science and security that include nanotechnology, robotics, 3D printing, bionics (artificial limbs and organs) and radio frequency identification (RFID).  He can be contacted via his website or his LinkedIn profile at http://www.linkedin.com/in/stevenhausman.