In this interview, Dominic Storey, EMEA Technical Director at Cisco, talks about the security attacks wearable devices are susceptible to at the moment, how security should be implemented for such devices, and much more.
Where are we going with wearable technology and what security and privacy issues can we expect along the way?
Wearable technology is a trend that is really set to take off in 2014, particularly after the launch of Google Glass, a wearable computer with an optical head-mounted display. In fact just this week Google kicked off its first big come-one-come-all Glass sale, opening up the future-forward devices to people beyond the few thousand initially chosen to be beta explorers. In just a few hours Google claimed that all the Glass sold out. And if the media rumblings are true, we should soon see Apple entering the wearable tech scene with its iWatch product which has been hotly anticipated for some time.
This insatiable demand for wearable technology is seeing no signs of abating and according to Gartner, the market will be worth $10billion by 2016. At the moment the focus seems to be mainly on wrist-mounted devices like smart watches and fitness bands. But we think this will switch to products that are less visible, like tech-woven clothes and small rings. Interest in wearable technology will be down to how it is designed with consumer needs at front of mind. Over time the products on offer will diminish in size, improve in performance and drop in price. For these reasons, we believe that wearable devices are only set to increase in popularity.
Although this is all very exciting, it potentially poses yet another security risk to organizations. Consumers, many of whom will take these devices into their place of work, are more focused on factors like battery life and screen size and don’t really think about security control.
What are the most prominent security attacks wearable devices are susceptible to at the moment?
We will witness hackers becoming more organized, industrialized and commercialized in the coming years. Advanced malware and cyber-attacks will continue to be a problem. With Google Glass, hackers could potentially be able to see and hear everything the wearer does. Expert hackers can access a “root” feature by attaching it to another computer and running certain commands. This would allow them to access all of a user’s information and updates, as they happen.
Another specific problem associated with Google Glass is its ability to track the eye movements of the user, making data requests and gathering information without the express permission of that user. Of course, Google will have taken precautions against the most obvious of risks, but we think it’s important to be mindful of the scope of all of this new technology. Especially as hackers will be working equally as hard to outwit experts and gain access to the information they want.
Should BYOD include wearable devices? Where does an organization draw the line when it comes to devices that can be brought into the workplace and its network? What impact can these devices have?
In our opinion, the BYOD challenge is still unfolding as businesses have discovered that they cannot easily prohibit or ban employees from bringing devices into the workplace. Even putting regulations and policies in place about the way these devices are used at work can be difficult to implement and monitor. However, businesses should at least try. You certainly cannot hope to control something unless you put a basic policy framework in place. In the near-term, most wearable technology will need a companion smartphone to connect to the Internet, which couples it very tightly to BYOD. As a result, managing BYOD is a good first step at managing wearable use in the workplace.
We also think that mobile devices and wearable technology can have a potentially fantastic impact on business applications. Imagine, for example, a factory being able to recall complex technical information for equipment without having to lug a heavy laptop around. We are sure the property industry will also love this. But organizations should draw a line by insisting that this type of technology can only be used in a business relevant way.
Can wearable devices be built with security in mind? How does one take into consideration the privacy of others when developing a product like Google Glass?
Wearable devices must be built with security in mind right from the start. We are only beginning to figure out all of the endless potential security risks associated with wearable devices, so thorough testing of these products before they are bought to market is vital.
As wearable technology is adopted by the masses, apps will help them to become highly integrated and connected. This is what we saw happen with mobile, but the potential security risks of constant data sharing and interaction were overlooked. We must learn from what happened with the sudden take off of mobile and apply this when developing new products.
With the imagination of consumers driving the future of technology, it can be all too easy to become swept up in the excitement of possibility. We need to remember that we live and work in a human environment and technology can dehumanize the workplace. Prioritizing the privacy and safety of people should always be considered when developing a new product of any kind.