#RSAC: Wearables Crack Open Enterprises for Cyber-Attack

Written by

The security—or lack thereof—of the internet of things (IoT) has been in the headlines of late, as everything from baby monitors to connected cars have been shown to lack basic security fail-safes. A fresh survey has revealed that one of the top IoT categories—wearables—presents an endemic amount of risk to enterprises.

Wearables are the tip of the spear for the IoT incursion, billed as handy gadgets to keep track of calendars, check mails and use for apps ranging from pedometers to heart monitoring. As their adoption continues and the innovation of the developer ecosystem finds better and better uses for them, these gadgets will increasingly store more sensitive information such as health data, and through connectivity with mobile apps may soon enable physical access functions including unlocking cars and homes.

But despite all of the managing of all that personal information, a full 69% of wearable device owners in a survey by Centrify say they forego login credentials, such as PINs, passwords, fingerprint scanners and voice recognition, to access their devices.

Many of these devices—like smart watches—offer the ability to use these kinds of access authentication approaches. Yet many consumers—perhaps lulled by the fact that the devices are on their arms instead of in their pockets—choose not to use them.

“Wearables are deceptively private,” said Bill Mann, chief product officer for Centrify. “Owners may feel that due to their ongoing proximity to the body, they’re less likely to fall into the wrong hands. However, hackers don’t need to take physical possession of a device in order to exploit a hole in security.

That’s a problem for businesses, considering that 56% of wearable owners use their devices to access business apps such as Box, Slack, Trello, Dropbox, Salesforce, Google Docs, Microsoft Office or a combination.

Perhaps most alarming, despite the lack of login credentials and ready access to corporate data, 42% of wearable owners cite identity theft as their top security concern when it comes to their devices. Lack of IT management and device control comes in second (34%) and a general increase in breaches of sensitive work data or information comes in third (22%).

“As wearables become more common in the enterprise, IT departments must take serious steps to protect them as carefully as they do laptops and smartphones,” said Mann. “The best news is that solutions already exist that can easily wrap wearables into the identity management picture.”

The results of the survey dovetail with what we knew: an analysis from Trend Micro last autumn found that the smartwatches that it tested contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.

Photo © Giuseppe Costantino/Shutterstock.com

What’s hot on Infosecurity Magazine?