IoT: Device Vulnerability & Security Concerns in Wearable Devices


Wearable IoT have broaden and improved the perspective of individuals about their surroundings. A successful IoT device has to be affordable as well as reliable. It should not interfere with other devices and should incorporate mechanisms to remain immune from interferences. It should further ensure effective battery life with perfect functionality and energy efficiency. However, the risks involved in attaining this ideal scenario are many.

IoT include a plethora of devices or things like vehicles, smartphones, televisions, wearable devices like fitness tracking devices, smartwatch and Google Glass, etc. These devices are embedded with software applications, sensors and other components for receiving and sending data. A colossus of connected devices is created by inter-connectivity of those devices. This connectivity offers magnificent benefits to people’s lives but it entails certain security and privacy concerns. The most conspicuous among them are the wearable devices which are gaining widespread acceptance among general population. Wearable IoT include smartwatches, smart glasses, fitness trackers to name a few. The wearable IoT devices offer convenience and great deal of comfort to the user. They sense, translate, collect and prepare data for transmission to remote storage in order to be processed. However, this technology has not entered the daily lives due to reasons of its reliability, limited functionality and feasibility.  It entails certain security and privacy vulnerabilities and issues for which literature is reviewed in this paper. These security and privacy related issues are subject to device access, access to information shared by the device with other controlling or non-controlling devices and access to information stored in cloud by transmitting it from the IoT device. Research in recognizing potential privacy and security risks delve into the issue for analysis. However (Snader, 2016) states that the solutions identified for addressing these issues may hamper with the ability of the device to connect with its controlling device. Certain other constraints like power consumption and computation constraints lead to unencrypted and insecure data transmission.

Vulnerabilities

The literature by Ching and Singh in (Ching, 2016) illustrates the utility of various wearable devices like fit bit, google glass and smart watch. (Lee, 2015) perceived and analyzed the risks for wearable IoT devices. A security analysis on real world examples revealed the vulnerabilities of wearables with regard to privacy and security. This includes photo bombing and scanning of malicious QR code thus unknowingly rendering access to malicious sources and websites or even recording of videos without consent using a wearable. Other wearable devices showed security vulnerabilities in terms of authentication as stated by (Ching, 2016). The wearable devices may be synchronized with other devices in order to send notifications to the user in a more convenient manner. But the vulnerabilities like privacy problem, lack of encryption and inefficient authentication lead to attacks on those devices. Various attacks like DoS attack, draining of battery, data injection attack, account harvesting, man in the middle attack, phishing attack were possible with the glitch in security among those devices. Health information of the victims can be easily hacked and used for malicious purposes thus rendering potential risk of privacy. A lot of evidence has been provided where lock identification pattern could be deciphered through brute force attack with any sniffing tool available openly.  The manufacturers build wearable-optimized versions of productivity enhanced devices for personal as well as business use, thy fail to keep up security concerns with innovation. This leads to fraudsters to compromise these devices to access highly valuable information. With all the researched literature on vulnerabilities in wearable devices, the major flaw is identified as the lack of authentication mechanism. 

Security Concerns

Some concerns related to security of wearable IoT which concern users include

2.2.1. Continuous connectivity: Potential vulnerability from Bluetooth. Any external device may detect and sync with the wearable device. Wearables store data on local device with no user authentication for accessing data. This involves the risk of easy data access if the device falls into hands of attacker.

2.2.2. Compliance: Insufficient or no compliance or regulation. The mechanism in wearable devices may not be held accountable for data breach. Mobile device management does not cover wearables even when they too may be considered as device with full mobility. This is because the wearables operate differently from apps and devices of mobile platforms.

2.2.3. Device Architecture- Owing to small size, they are low on memory, bandwidth, computational capabilities and high on power usage (Siboni, 2016). Therefore, they use lightweight authentication algorithms and encryption methods thus getting prone to security issues.

2.2.4. Network Connectivity- Network connectivity may be acquired through cellphone, internet or Bluetooth. The designing of wearable devices does not consider the aspects of security as serious in order to keep costs low. Wearables in the corporate world constantly transmit information and consume bandwidth and their proliferation leads to more attack points in the system’s network.

2.2.5. Data Collection- Risk of information theft and privacy largely depend on the type of data collected by the wearable devices. Data is a valuable asset in today’s interconnected world. This includes personal information about the user including behavior, habits, health information, personal images, etc. It is also used in corporate world for better productivity and accessibility in business.

2.2.6. Lack of support: These devices are mostly unsupported to keep the cost low as they are built with low or no security skills. The manufacturers do not concentrate on embedding security measures within the design of these devices to secure the device and data, manage access to the device and its data and monitor and maintain security to some extent.


References

Ching K. W., Singh M. M., May 2016. “Wearable Technology Devices Security and Privacy Vulnerability Analysis”. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.3, DOI: 10.5121/ijnsa.2016.8302 19

Lee L. N., Egelman S., Lee J. H., Wagner D., 22 April, 2015. “Risk Perceptions for Wearable Devices” University of California, Berkeley. 

Snader R., Kravets R., Harris III A. F., 2016. “CryptoCoP: Lightweight, Energy-efficient Encryption and Privacy for Wearable Devices”. Proceedings of the 2016 Workshop on Wearable Systems and Applications

Siboni S., Shabtai A., Tippenhauer N. O., Lee J., Elovici Y., 2016. Advanced Security Testbed Framework for Wearable IoT Devices. ACM Trans. Internet Technol. 16, 4, Article 26 (December 2016), 25 pages. DOI: https://doi.org/10.1145/2981546

Comments

Popular posts from this blog

Wireless Sensor Network Protocol: Sensor Protocol for Information via Negotiation (SPIN)

Artificial Intelligence in Patient Health Monitoring System