Wearable devices are here. They’re not universal, or even prevalent, yet, but the numbers of folks with a Fitbit, Samsung Gear or Apple Watch are only going to grow. That’s not to mention the still-in-development tech like implanted health monitors and sense enhancement mods, but we’re not all that far from those, either.
With all of this tech coming into so many lives, and collecting so much information about consumers and workers, there is a broad potential for security risk. Malicious software can steal personal information and activity patterns from consumers, and if someone uses personal devices for work, enterprise-level intelligence can be at risk, too.
Jim Haviland, CSO of enterprise mobility specialists Vox Mobile, says that we’re seeing a parallel to problems we’ve seen before with emerging technology. “The biggest issue at the moment is the lack of standardization,” he said. “There are so many different ways in, and there aren’t a lot of enterprise-level standard platforms [for wearable development] yet.”
He’s not wrong. Although heavy hitters like Microsoft are promoting platforms for IoT development, most wearables are coded on derivatives of a mobile OS like Android or use some proprietary platform that hasn’t been well vetted, mostly because it isn’t widely used. This makes the devices vulnerable to a variety of exploits, and until the industry or governments set standards for encryption and other security measures, the huge pile of data will remain in danger.
“With mobility, we still see most startups looking at how to solve a specific thing because they’re thinking in a ‘behind walls’ model,” said Haviland. “That doesn’t work in the IoT.”
What will work is an incremental improvement model. Every generation of devices will be better than the one before, hopefully keeping ahead of the hackers, but more likely learning how to fix the holes from the attempted and successful attacks.
“Everyone wants to be the ‘Steve Jobs’ for this one, but I don’t think that job’s open,” he said. “I think over time, there will be a number of standard platforms [like with mobile OS now].”
The first step, he said, is encryption, the most dangerous missing security feature today. It’s important for the industry to keep developing and advocating for a common method for implementing encryption. And although data is important, the weak spot is the control capabilities.
“As soon as we have the ability to learn insights at the point of action, that’s when M2M becomes really valuable,” he said. “We have to figure out how to protect that command and control ability to maintain that value.”
The nightmare scenario is that an “IoT virus” could enter a system through a worker’s unsecured wearable device, and take control of vital functions. As an example, such controls could grant a malicious user control over a power grid, medical facility or airport.
Now, that’s unlikely but not impossible, and Haviland says the stakes are real. “We’ve got to learn about this stuff. We’re still in the ‘we don’t know what we don’t know’ phase,” he said.
The important thing for now is to keep developing and to keep talking about the concerns and the solutions.