2014 is the year of the wearable. Yes we thought 2013 was, but no it’s apparently 2014. Now that the big players are getting involved in producing wearables, these devices are due to take off in a big way. However a security firm has revealed that they are apparently leaking your data to anyone listening.
Symantec, the firm usually associated with malware and virus control has uncovered that for around £40 of tech, you can track anyone using a wearable.
Mario Barcena, Candid Wueest and Hon Lau of Symantec took a modified a Raspberry Pi unit to social areas such as parks and sporting events and were able to then successfully determine which people were using a wearable. These wearables included electronic wristbands such as sports activity-tracking devices, smart watches, pendants, and even smart clothing. The research team added in a Bluetooth radio to a Raspberry Pi, and were able to successfully highlight individuals with wearables. With very little probing, they were then able to uncover ‘unique hardware addresses’ of the device – all without ever attempting to connect to the devices.
Some devices they came across were also open to revealing serial numbers and other identifying information. The devices are so simple they don’t process the information or make any attempt to encrypt it.
Not So Smart Apps
After uncovering such security issues in the targeted wearable Symantec then tested the associated apps. They found that around 20% of these apps did nothing to encrypt data it transmitted over the net, leaving info such as the users name, passwords and dates of birth freely accessible. In some cases the team was able to manipulate the data to trick central databases into executing commands.
Symantec has since launched a campaign to try and make the manufacturers of wearable devices take security more seriously.
With this kind of information freely available with little probing, clearly the wearable market needs to be secured sooner rather than later. Would this affect you using wearables now or in the future? Let us know on Google Plus, Facebook or Twitter.
Source: SymantecSource: Symantec