Wearable devices are one of today’s hottest technology product categories. As their name implies, they are intended to be persistently worn by (and used by) their owners, primarily during waking hours (although quality-of-sleep monitoring is a capability touted by some devices). Therefore, unsurprisingly, the information they both collect from and report to their owners is highly individual in nature. And therefore, once again unsurprisingly, that same data is potentially of significant interest to unsanctioned individuals other than those supposedly unique owners.
Commonly identified wearable product categories include the following:
• Activity trackers (i.e. fitness bands)
• Smart watches, and
• Smart glasses
They are intended for use in addition to the increasingly ubiquitous smartphone and tablet, sometimes in a standalone fashion but often in conjunction with those latter legacy mobile electronics devices. As such, they’re able to harness the tethered handheld device’s existing computing, storage and Internet connectivity facilities, leading to wearable device reductions in required size, weight, processing horsepower, power consumption and all-important cost versus what would otherwise be the case. This close-proximity tether is a potential point of security compromise, although as you’ll soon see, only one of many.
The Microsoft Band
The Microsoft Band is a combination activity tracker and smart watch. The first thing you’ll likely notice in looking at the picture of it is its 320 x 106 pixel 1.4” (245 pixel per inch) full-color and touchscreen-enhanced LCD. Along one side of the LCD are a microphone and a combination ambient visible-and-UV light sensor. Embedded in the band, and intended to rest against the wrist, is an optical pulse rate-monitoring sensor that employs photoplethysmography (PPG) techniques. Opposite it, behind the LCD, is a magnetic charging connector. And surrounding both of them, intended to both confirm proper Band wear location on the wrist and to assess the user’s perspiration state, are galvanic skin response sensors.
The Band’s other capabilities require a teardown in order to ascertain them. Connectivity to an Android, iOS, or Windows Phone-based device comes from a Bluetooth 4.0-capable transceiver. Motion and orientation are ascertained by the combination of a gyrometer and three-axis accelerometer. Location (and additional motion-and-direction) data are determined by an integrated GPS receiver; this aspect of the hardware design is fairly unique, as most other wearables rely on a smartphone’s or tablet’s GPS facilities. Finally, there is a skin temperature sensor. And DRAM and flash memory enable temporary local storage of logged data until tethering allows for its further processing and archive elsewhere.
Wearable Alternatives
Other wearables offer a subset-to-complete set of the Microsoft Band’s building blocks; some surpass it in certain respects. A barometric sensor, for example, added to the second-generation Band, enables various weather-related features, but it also supports the determination of both absolute elevation at any point in time and rate of ascent-or-descent over time. Some wearables, such as the Google Glass headset, include image sensors for photo and video capture, as well as augmented reality information display and other image analysis-and-response purposes. Some Android Wear smart watches include Wi-Fi transceivers as an alternative means (beyond Bluetooth) of tethering to mobile devices. And LG’s Watch Urbane 2nd Edition one-ups them all with an integrated LTE cellular data modem.
Vulnerabilities and Resolutions
The potential for a data security breach perhaps obviously begins at the wearable device itself. Fortunately, many wearables’ physical connections are restricted to charging-only capabilities, versus enabling broader data-transfer support (and some forgo even power-transfer ports in favor of support for so-called wireless charging). However, the inherent portability (therefore misplace-ability) of a product that you can take off your wrist or your head increases a hacker’s likelihood of easy access to it.
While it may be difficult to imagine someone taking a device apart and probing its nonvolatile memory to retrieve stored data, such a scenario is not completely out of the realm of possibility. For maximum possible data defense, therefore, consider encryption as a key part of your local data storage-and-retrieval approach. For devices that conduct data transfer via Bluetooth, a by-default persistent “discoverable” mode is not recommended; instead, make the device discoverable only during the “pairing” process.
Also, when pairing a wearable with a new handheld device, automatically erase the wearable device’s locally stored data, so that a hacker doesn’t gain access to a prior valid user’s information. And do everything possible to preclude “jailbreaking,” a technique often intentionally accomplished by owners in order to expand devices’ capabilities beyond those normally supported by the manufacturer. Unfortunately, such “jailbreak” feature set expansion can be accompanied by the addition of various security vulnerabilities.
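The two pairing rules above (discoverable only during pairing, and erase local data when a new host pairs) can be expressed as a small firmware-side policy; the following is an added sketch, not code from any vendor or from the original article. All names (`band_t`, `band_begin_pairing`, and so on), the 60-second window and the 64-byte log are assumptions, and the host is identified by a plain 6-byte address as a simplification of a real Bluetooth bond.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAIRING_WINDOW_MS 60000u /* assumed: discoverable for 60 s at most */
#define ADDR_LEN 6

typedef struct {
    bool     discoverable;          /* false at boot: never on by default */
    uint32_t window_ends_ms;
    bool     bonded;
    uint8_t  bonded_addr[ADDR_LEN];
    uint8_t  log[64];               /* stand-in for locally stored sensor data */
    size_t   log_len;
} band_t;

void band_init(band_t *b) { memset(b, 0, sizeof *b); }

/* Called only on an explicit user action (e.g. a button press). */
void band_begin_pairing(band_t *b, uint32_t now_ms) {
    b->discoverable = true;
    b->window_ends_ms = now_ms + PAIRING_WINDOW_MS;
}

/* Periodic tick: close the window once it expires (wrap-safe compare). */
void band_tick(band_t *b, uint32_t now_ms) {
    if (b->discoverable && (int32_t)(now_ms - b->window_ends_ms) >= 0)
        b->discoverable = false;
}

static void wipe_log(band_t *b) {
    volatile uint8_t *p = b->log;   /* volatile so the zeroing is not optimized away */
    for (size_t i = 0; i < sizeof b->log; i++) p[i] = 0;
    b->log_len = 0;
}

/* Accept a bond only inside the window; a different host erases prior data. */
bool band_complete_pairing(band_t *b, const uint8_t addr[ADDR_LEN], uint32_t now_ms) {
    band_tick(b, now_ms);
    if (!b->discoverable) return false;
    if (!b->bonded || memcmp(b->bonded_addr, addr, ADDR_LEN) != 0) wipe_log(b);
    memcpy(b->bonded_addr, addr, ADDR_LEN);
    b->bonded = true;
    b->discoverable = false;        /* pairing done: stop advertising */
    return true;
}
```

Re-pairing with the already bonded host keeps the log, while a pairing attempt outside the window is refused without touching stored data.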
Similar encryption enhancements and other security lockdowns should be implemented at whatever clients (smartphones, tablets, computers, etc.) contain temporary or permanent copies of the user’s personal data sourced from the wearable device, as well as at the “cloud”-based server that’s often the ultimate data nexus. And don’t forget to also lock down any wired or wireless data transfer topologies between devices, in order to preclude “snooping” attempts that might otherwise result in access to an unintended copy of the data set.
Bottom line: the concept of manufacturer-initiated upgrades (versus requiring users to stumble across and implement them) for all points of the data chain from the wearable to the cloud server must be a fundamental characteristic of the hardware-plus-software system definition and implementation.
As any number of past-history technology horror stories bear out, no matter how ironclad you attempt to make your design, vulnerabilities will be uncovered and, in the absence of a rapid patch response from the manufacturer, will be exploited. Even if you believe that a particular wearable product will only be used for a year or a few before being replaced by the consumer with something newer and better, you can’t afford to have an equally short-term view of system support. A data breach, even of a product that the market generally views as obsolete, could do irreparable long-term damage to your company’s brand cachet. Invest accordingly.