Wearable Tech - Can your life be hacked?

Paraphrasing the song made famous in the 1960s by The Troggs and wonderfully updated by Bill Nighy in "Love Actually" Big Data is really all around us. We are making more and more data about ourselves available to a broader audience. But what if that data is stolen? Is it useful to anyone?

A look at the new products coming from this year's Consumer Electronics Show is proof that 2014 will be the year that wearable technology moves from The Valley of the Geeks in Main Street. Google Glass is perhaps the most feted piece of wearable tech but there are dozens of wristbands that track our activity, apps that we can log our meals in and devices for capturing all manner of biometric data. Intel even released an earbud that tracks your pulse and reminds you get more exercise.

One report suggests that 90 million wearable devices will be shipped in 2014.  A report from Juniper Research predicts that wearable tech shipments will reach 150 million devices by 2018.

Should we be worried?
Let's think about what data could be collected by someone wearing just two devices – some connected glasses and a wristband.

The connected glasses can, potentially, scan everything you eat, track all your movements and provide an ongoing record of not only where you've been but what you've looked at.

The wristband can track your heart rate, the number of steps you've taken, location, perspiration and respiration rate. It might even track your blood sugar through a sensor.

On their own, none of these pieces of data are particular useful or valuable;. But if they’re aggregated and collated, they can form a comprehensive view of your lifestyle. Coupled with the personal information many of us willingly provide over social media and pretty soon, you'll truly have no secrets.

All data is valuable to businesses whether they realise it or not. Say you make a claim against your health insurance. What if the insurer had access to your activity and knew that you'd consumed one more drink that you should have or engaged in an unsafe activity? They could use that to refuse a claim or increase your premiums.

According to Trend Micro "As we connect ourselves more and more to the internet, literally, it’s important to be mindful of the risks and implications of these new devices. Fitness bands that monitor and capture information about our movement using GPS can provide a malicious user with details about our daily routines and patterns as well as our current location".

All these new devices expand the area of your personal and business threat surface. Every device that connects data needs to send that somewhere so that it can be processed and made useful.

According to Joakim Sundberg, a security solution architect at F5, "This type of technology will clearly be a target for hacking – any new development which could open up a chink in a corporation's armour always is. Clearly, new apps will have to be built for the device, and existing apps will have to be heavily adapted to work properly on it, so there is the potential for a new back door for criminals to, for example, attempt to extract sensitive corporate or personal data".

Domingo Guerra is the president and cofounder of Appthority. This San Francisco-based company profiles mobile apps and provides its customers with a risk profile for those apps.

"It's still early in the wearables space around healthcare, and right now a lot of the information may be just personal - maybe sharing it among your family. But as soon as that (data) starts being sent to a medical or insurance provider, which might offer discounts if you're healthy, and you exercise, and you're eating right, we're going to start seeing government involvement in the form of regulation."

With wearables, Guerra suggests that some of the lessons learned over the last few years with the proliferation of mobile apps will be invaluable.

"Mobile exploded really quickly, and a lot of developers started building apps into the new ecosystems. We shouldn't be surprised if wearables suddenly take off, and we should start planning ahead."

More RSA Coverage can be found in our Special Edition event coverage.

Upcoming Events to be noted:

CSO Workshop | Threat Intelligence - Best Practise | Sydney - March 25th secure your seat today

HP Protect 2014 | Canberra - March 26th | Security for the New reality | Seats are limited register today


Join the CSO newsletter!

Error: Please check your email address.

Tags personal dataWearable technologyjuniperJoakim SundbergConsumer Electroncs ShowGoogle GlassWearable TechDomingo GuerraF5 NetwokrsTrendmicrosecuritymobilityAppthority

More about ACTBillConsumer ElectronicsCSOF5GoogleHPIntelJuniperRSAThreat IntelligenceTrend Micro Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place