The wearables revolution is coming – security professionals must be ready
I can hardly be the first to suggest that 2014 may finally be the year that wearable technology becomes mainstream. 2014 should, barring any last-minute complications, be the year of a commercially available Google Glass and, while many consumers remain sceptical of the technology, the possibilities for businesses (in particular industries dealing with advanced engineering or electronic technology) to enhance the capabilities of their staff are all but endless.
However, the unique ‘users’-eye-view’ properties of the Google Glass make it an extremely attractive proposition for hackers. Viruses which can control the microphone and camera of a mobile device are now increasingly common, and Google Glass is the perfect target for malware of this type.
The risks of wearables in business are not limited to one device. The form factor of all wearable devices means that their visual displays will always be small. The aim of user-experience design in, for example, smartwatches is to eliminate as much detail as possible, in order to make information decipherable at a glance. But such detail is often a vital barrier against deception-based cyber-attacks. Domain names and graphics, for example, can allow us to tell the difference between a well-crafted phishing email and its harmless equivalent. Losing such tell-tale signs knocks a few more bricks out of the human firewall. It’s not beyond the compass of user-experience designers to tackle this – indeed, a recent report from the Security and Business Innovation Council recommended user-centricity as a starting point for the design of all security systems – but as security professionals we need to be aware that, as wearable technologies make their way into the workplace, they represent a multiplication of potential attack surfaces. This will affect everything from BYOD policy, to information infrastructure design, and we would be well advised to prepare now.
By: Rashmi Knowles Chief Security Architect EMEA at RSA The Security Division of EMC