Ahead of Apple’s Announcement: The Security Implications of Wearables | Trend Micro

The world’s attention will be focused on Apple this week and on the topic of wearables. In an event on Tuesday, the Cupertino company is planning to unveil the latest additions to its popular iPhone line along with a wearable device that most folks are just calling the ‘iWatch.’

It is still early days, but wearable technology may soon be subject to spam and malicious 'man in the middle' attacks, suggests a Trend Micro security researcher.
It is still early days, but wearable technology may soon be subject to spam and malicious ‘man in the middle’ attacks, suggests a Trend Micro security researcher.

But as Apple wrestles with the security of its growing stable of mobile devices and the cloud infrastructure that supports them, what will the impact of wearables be?

Well, the folks over at Trend Micro are putting together a series of blog posts that look at that very question. Namely: the (information) security implications of wearables. It makes for some interesting reading.

Among other things, Trend There are three very broad categories that we can use to describe what we are talking about.

The posts, by Senior Threat Researcher David Sancho, break down the wearables space into three categories:  ‘IN’ devices like sensors, ‘OUT’ devices like smart watches and other form factors that display output from other devices (like mobile phones) and a third category, ‘IN and OUT’ devices, like Google Glass that can both capture data and use filters to display it differently.

Sancho sees the trend lines pointing in the direction of most wearables becoming ‘IN and OUT’ devices, as manufacturers look to increase their value by adding more sensors and interactivity. But its early days, so…

In the context of security, Sancho notes the obvious: the more a device can do, the more different ways there are to attack it. But – again- its early days, so there isn’t much reliable data of any kind to support claims that one wearable is more secure – or less- than another.

Still, Sancho sees some areas that warrant attention. For example:

User authentication – he notes that user accounts that accompany wearables are “usually protected by single authentication factor, often times, by passwords.” This could leave the devices vulnerable to attacks in which hackers”attempt to access cloud data by employing tactics such as utilizing the provider’s ‘forgot your password’ mechanisms, using a keylogging Trojan, guessing the password based on data from the user’s other breached accounts, or using a brute-force attack.” (See also: Leaked Celebrity Nudes.)

Wearables will be prime target for SEO attacks and spam rings, he says.

Also in the crystal ball: man in the middle attacks in which an attacker compromises an intermediate device used to relay data to a wearable and steals or otherwise manipulates the raw data.

Altered and Trojanized copies of popular mobile applications used by the wearable device or a supporting mobile device are one possible avenue of attack. The more sensor aware and powerful the device, the more targeted the attack. For example, Sancho poses a scenario in which a cyber criminal who has compromised a Google Glass user starts by intercepting the GPS data from the device to determine the user’s current location. The malware could then download a new malicious app that performs click fraud based on that user’s location.

Read more via Trend Micro’s blog with The Security Implications of Wearables, Part 1 | Security Intelligence Blog | Trend Micro and The Security Implications of Wearables, Part 2 | Security Intelligence Blog | Trend Micro.

Comments are closed.