Hackers' delight? New Apple wrist-puter gives securobods the FEAR

Can biz trust Apple Watch enough to strap it to its BYOD?

Security pundits are already fretting over the security of the Apple Watch, just hours after the expensive gizmo was launched at a high profile US event.

Ken Westin, security researcher at Tripwire, said that the security implications of the wearable device's Wi-Fi connection capabilities create a potential opportunity for hackers.

"The fact the device uses both Wi-Fi and Bluetooth will provide a great deal of interoperability and additional functionality for the watch, however it also comes at the price of increasing the attack surface for the device," Westin said. "Given the fact that it is a high profile device which will have wide adoption, you can bet security researchers and hackers alike will be poking and prodding the watch to find new vulnerabilities as well as take advantage of existing attack vectors leveraging weaknesses in both Wi-Fi and Bluetooth."

The device also creates privacy concerns, according to Westin.

"As the device is utilizing both [Wi-Fi and Bluetooth], it will also be interesting to see how that data can be used to track individuals in physical spaces, as this has both security and privacy implications, not just from a malicious attacker's perspective, but also [as a target of] overzealous marketing. The fact the Apple Watch also integrates third-party apps could also increase security and privacy concerns."

Phil Barnett, VP and GM EMEA of Good Technology, cautioned that workers bringing wearables into the workplace means that BYOD policies need to be reviewed.

“We’ve seen BYOD for smartphones on mobiles and tablets – wearables are the next piece of glass for presenting data," said Barnett. "They present a huge opportunity for productivity, but need security measures in place before businesses will be truly comfortable using them across the enterprise. Encrypting data passing over the Bluetooth channel and containerising corporate data will help to secure and control it. Fine-grain policy controls will let you trade off the risks and rewards of using these new devices."

A recent survey by Trend Micro found that the majority (79 per cent) of European organisations are seeing an increasing number of wearable devices into the workplace. The poll, which involved a survey of 800 senior IT decision-makers across Europe and the Middle East, found that attempts to boost staff productivity as part of the BYOD programme or as a requirement as part of the business insurance policy is pushing wearables into the workplace.

Despite security concerns, more than three in four of those surveyed (77 per cent) are "actively encouraging" wearables. An estimated 4.6 million smart wearable bands shipped in 2014, a volume that is likely to move up a gear with the imminent availability of the Apple Watch. ®

Other stories you might like

  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading
  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading

Biting the hand that feeds IT © 1998–2022