The hype around the use of wearable technology and the potential for devices such as Google Glass and smartwatches to disrupt both the consumer and enterprise space continues to grow.
Analyst IDC forecasted that the number of wearables (smartwatches, eyewear, fitness gadgets and so on) shipped during 2015 would reach over 45 million units, more than double the 19.6 million sold in 2014, with further impressive growth predicted for 2016.
This in turn has led to growing concerns about the security of these new, futuristic wearable devices. Could the devices be hacked, and the data they gather be intercepted and siphoned off for malicious purposes? The answer is a definite yes: there’s no doubt that these new devices will be targeted and exploited as their usage grows. But the focus on these shiny new life-enhancing devices obscures the fact that wearable technology has been around for years, with devices such as Bluetooth headsets and heart monitors in widespread usage over the past decade.
What’s more, these devices are just as vulnerable to exploitation as the latest smartwatch or fitness gadget. I recently carried out radio frequency (RF) testing at a major financial institution in London, and one of the many issues I uncovered was vulnerabilities in Bluetooth headsets.
They are particularly exposed as the pairing of the headset with the user’s smartphone often consists of a simple PIN code, and default PINs are commonly left in place. All the hacker has to do then is ‘sniff’ the pairing process with a Bluetooth scanner, and then they can listen in on and record the user’s calls.
Bluetooth Low Energy, the power-efficient version of Bluetooth, is particularly weak in terms of security. Research has demonstrated that it is straightforward enough to capture, monitor and record BLE signal, unless it has proprietary encryption which is not normally the case.
A hacker with particularly malicious purposes could cause potentially fatal damage with this – imagine someone using a heart monitor, and I do not need to spell out the rest. Such are the concerns around Bluetooth security that the NSA in America has advised against using commercially available Bluetooth headsets.
While organizations should be preparing for the growth in newer wearable technology like smartwatches and Google Glass, threats associated with wearables are already present right here and now, and also need to be protected against.