Since last year, noise about wearable technology has twittered through the tech community, reaching a fever pitch at this year’s Consumer Electronics Show. While the consumer benefits and applications are apparent, numerous questions have arisen over how this new brand of technology will impact security.
There are two sides to “security” when it comes to wearables. First off, there are
far-reaching applications for this technology within the security industry. Secondly, however, this tech poses some major threats to personal security and privacy.
From an industry perspective, wearables offer a special function when paired with everything from access control to identity verification. One product in particular, the Nymi bracelet, uses similar technology to an activity tracker like the Nike+ FuelBand, but monitors a person’s unique electrocardiogram (ECG) as a means of personal identification and access control. Instead of relying on biometrics (most commonly fingerprints) which can be relatively easily faked by an expert, the Nymi provides a much more secure method of verification through perpetual ECG validation. Also, because the Nymi doesn’t require direct contact with the lock (as opposed to a key in a doorknob or a finger on a scanner), it can work efficiently based on proximity, which can have countless applications such as mass transit entrances or ticketing.
Health monitoring bracelets like the FuelBand and the Fitbit have already broken into the consumer market; others, like the Nymi, are looking to move beyond personal tracking in search of broader applications. Because they monitor vital stats, the healthcare industry has seen a major opportunity in health bands. Storing patient information and medical history on a bracelet could become a significant sea change in the industry over the next decade.
As with any technological advancement, however, there is an inherent risk; and that risk is magnified exponentially when dealing with private information such as medical records.
“It’s still early in the wearables space around healthcare, and right now a lot of the information may be just personal—maybe sharing it among your family,” Domingo Guerra, president of mobile app risk management service Appthority told InformationWeek. “But as soon as that [data] starts being sent to a medical or insurance provider, which might offer discounts if you’re healthy, and you exercise, and you’re eating right, we’re going to start seeing government involvement in the form of regulation.”
Protecting a wearable tech patron’s privacy from government interference is one thing—we’ve already seen legislative backlash to Google Glass and other augmented reality glasses—but those same technologies also provide a trove of personal data that can be available to cybercriminals. No matter how secure a service purports itself to be, there is a hacker up to the challenge.
The problem with wearables, as was the problem with smartphones when they first hit the market, is that they are catching on so quickly that developers are more concerned with functionality and utility than they are with privacy and security.
“Every time we connect a new class of device to the Internet we learn the hard way how they can be attacked and subverted,” security blogger Christopher Budd wrote in a recent piece.
For now, wearables remain toys for early adopters. As the tech advances and they become more pervasive, however, developers and users alike are going to have to face tough questions regarding privacy and data security. We may soon live in a world where everyone is a witness, and no crime goes unsolved because smart glasses have captured the event. But with great power comes great vulnerability, and those same tools for good could become targets for criminals and government data collection.