Paraphrasing the song made famous in the 1960s by The Troggs and wonderfully updated by Bill Nighy in "Love Actually" Big Data is really all around us. We are making more and more data about ourselves available to a broader audience. But what if that data is stolen? Is it useful to anyone?
A look at the new products coming from this year's Consumer Electronics Show is proof that 2014 will be the year that wearable technology moves from The Valley of the Geeks in Main Street. Google Glass is perhaps the most feted piece of wearable tech but there are dozens of wristbands that track our activity, apps that we can log our meals in and devices for capturing all manner of biometric data. Intel even released an earbud that tracks your pulse and reminds you get more exercise.
Should we be worried?
Let's think about what data could be collected by someone wearing just two devices – some connected glasses and a wristband.
The connected glasses can, potentially, scan everything you eat, track all your movements and provide an ongoing record of not only where you've been but what you've looked at.
The wristband can track your heart rate, the number of steps you've taken, location, perspiration and respiration rate. It might even track your blood sugar through a sensor.
On their own, none of these pieces of data are particular useful or valuable;. But if they’re aggregated and collated, they can form a comprehensive view of your lifestyle. Coupled with the personal information many of us willingly provide over social media and pretty soon, you'll truly have no secrets.
All data is valuable to businesses whether they realise it or not. Say you make a claim against your health insurance. What if the insurer had access to your activity and knew that you'd consumed one more drink that you should have or engaged in an unsafe activity? They could use that to refuse a claim or increase your premiums.
According to Trend Micro "As we connect ourselves more and more to the internet, literally, it’s important to be mindful of the risks and implications of these new devices. Fitness bands that monitor and capture information about our movement using GPS can provide a malicious user with details about our daily routines and patterns as well as our current location".
All these new devices expand the area of your personal and business threat surface. Every device that connects data needs to send that somewhere so that it can be processed and made useful.
According to Joakim Sundberg, a security solution architect at F5, "This type of technology will clearly be a target for hacking – any new development which could open up a chink in a corporation's armour always is. Clearly, new apps will have to be built for the device, and existing apps will have to be heavily adapted to work properly on it, so there is the potential for a new back door for criminals to, for example, attempt to extract sensitive corporate or personal data".
Domingo Guerra is the president and cofounder of Appthority. This San Francisco-based company profiles mobile apps and provides its customers with a risk profile for those apps.
"It's still early in the wearables space around healthcare, and right now a lot of the information may be just personal - maybe sharing it among your family. But as soon as that (data) starts being sent to a medical or insurance provider, which might offer discounts if you're healthy, and you exercise, and you're eating right, we're going to start seeing government involvement in the form of regulation."
With wearables, Guerra suggests that some of the lessons learned over the last few years with the proliferation of mobile apps will be invaluable.
"Mobile exploded really quickly, and a lot of developers started building apps into the new ecosystems. We shouldn't be surprised if wearables suddenly take off, and we should start planning ahead."
More RSA Coverage can be found in our Special Edition event coverage.
Upcoming Events to be noted:
CSO Workshop | Threat Intelligence - Best Practise | Sydney - March 25th secure your seat today
HP Protect 2014 | Canberra - March 26th | Security for the New reality | Seats are limited register today