Smartwatches and spectacles offer hackers new entry points.
Apple’s entry into the wearables market may have been exciting to some, but it was unlikely to have been a good day for those in cybersecurity. With every new device comes new methods of attack, and the new watches and eyewear cannot escape this fact.
That in mind, CBR decided to take a look at how we can expect to be attacked in this sector.
1) Google Glass vulnerable on public Wi-Fi
Preparing for the release of Google’s smart spectacles, Kaspersky decided to run a few tests on the technology to see how it performed on public Wi-Fi. By poisoning the network to reroute traffic the security firm could determine what could and couldn’t be seen from a user’s activity.
While almost all the traffic from Glass was encrypted, enough was left in plain text to inform hackers what sites they had visited. As Roberto Martinez, a security analyst at Kaspersky, said, it was "nothing too sensitive but in some cases useful for when carrying out a profiling job."
2) DDoS attacks may affect doctors’ tools
The potential for the wearable devices to improve medical technology has been one of the big selling points of the technology in the public sector. Doctors have long been using computers to aid the medical process, and wearables seem like a natural extension.
Unfortunately reliance on wearables opens up frightening possibilities. As Trend Micro senior threat researcher David Sancho wrote in a blog: "A simple Denial-of-Service (DoS) attack could prevent a doctor from operating on a patient or prevent a law enforcement agent from acquiring input data to catch criminals."
3) Privacy is at risk as wearables collect data
Consumers are now used to their smartphones doing research on them, even if they aren’t that happy about it. Wearable tech offers even more chances to take notes on our behaviour, which is potentially useful but also potentially dangerous.
Hackers have already become skilled at profiling, and this trend is only set to get worse. "Fitness bands, that monitor and capture information about our movement using GPS, can provide a malicious user with details about our daily routines and patterns, as well as our current location," Sean Newman, security strategist at Cisco, told CBR.
4) Digital pickpocketing is likely to rise
With the rise of contactless payments, facilitated by near field communication (NFC), the security industry has warned about the risks to the user of having money stolen from them in what is sometimes called "digital pickpocketing".
One form can be used by converting a mobile into an radio frequency identification (RFID) scanner. Once set up the user can seek out payment cards with RFID chips, before exploiting them to steal money from unwitting victims.
"The payment card industry wanted to speed things up a little and make it much faster for people to buy things," Security consultant Steve Manzuik told KOMO News. "They are moving to this standard, which clearly isn’t as secure."
5) Smartphone connections could be exploited
At some point Apple Watch could become self-sustaining, but right now they need to be tied to an iPhone in order to work. This has provoked much derision in the tech community, undermining the pitch that your watch can replace your phone.
That connection also creates an additional point that hackers can attack. Ken Westin, security analyst at Tripwire, told betanews: "There will be a race to hack the Apple Watch. The device connects to iPhones and other iDevices, so that connection may be a potential attack vector."