Whilst wearable technology and Internet of Things (IoT) are popular, security concerns are often ignored for convenience.
Speaking to IT Security Guru, Dan Lamorena, senior director of HP Software Enterprise Security Products, admitted that despite there not having been a major incident yet regarding IoT or wearable technology, there are vulnerabilities inside whilst there is plenty of focus on getting products to market.
“I am sure this is an area of concern and we are finding that many are making security a feature,” he said. “With wearable technology, companies are too focused on getting products to market, but there needs to be an incident to cause it to be taken more seriously. There are more features in products which require a password and don’t lock you out after a number of failed logins, and a lot access private information that you don’t want them to be accessing.”
He admitted that modern devices often carry a lot of common flaws from previous builds, and in the case of wearable technology, he asked how many users would actually consider a device that is able to access the internet from wherever you are, knows your location and knows when you are accessing information?
“If it interacts in an environment I call it wearable tech,” he said. “Apple will give the whole market a kick on the arm with new devices, but the security issues will not go away and will be more prevalent as technologies come to market.
“We have not had a killer app on wearable tech, but a lot of items know where someone else is and the advantage from a criminal point of view is that they know what you are syncing to. Is the information personal or private? I think all things are a concern.”
Last month, research by HP Fortify On Demand found that 100 per cent of top security systems it studied displayed significant security deficiencies, including password security, encryption and authentication issues.
The HP study questions whether connected security devices actually make our homes safer or put them at more risk by providing easier electronic access via insecure IoT products. HP leveraged HP Fortify on Demand to assess ten home security IoT devices along with their cloud and mobile application components, uncovering that none of the systems required the use of a strong password and 100 per cent of the systems failed to offer two-factor authentication.
Lamorena said that often, one of most vulnerable pieces of mobile technology is the application itself, and almost always the application layer. “If you put that into IoT and wearable technology, most of the devices are running a form of Linux and it has code that you can crack and you need to be aware of the vulnerabilities as applications are getting more interested with interacting with other apps,” he said.
“We need to make a change for the better and as a vendor, be more accountable for security as we try to provide tools to be more secure. It is a never-ending battle to develop code securely, and patch it too.”
He admitted that a lot of application vulnerabilities could allow a doorway into the device and your personal data. In the case of fitness-based wearable technology, he said that medical records are now much more expensive than credit card records on the dark web, and an attacker can blackmail a user as they start building up a profile of you and your health, and use data that could turn into valuable information.