Hackers' delight? New Apple wrist-puter gives securobods the FEAR
Can biz trust Apple Watch enough to strap it to its BYOD?
Security pundits are already fretting over the security of the Apple Watch, just hours after the expensive gizmo was launched at a high profile US event.
Ken Westin, security researcher at Tripwire, said that the security implications of the wearable device's Wi-Fi connection capabilities create a potential opportunity for hackers.
"The fact the device uses both Wi-Fi and Bluetooth will provide a great deal of interoperability and additional functionality for the watch, however it also comes at the price of increasing the attack surface for the device," Westin said. "Given the fact that it is a high profile device which will have wide adoption, you can bet security researchers and hackers alike will be poking and prodding the watch to find new vulnerabilities as well as take advantage of existing attack vectors leveraging weaknesses in both Wi-Fi and Bluetooth."
The device also creates privacy concerns, according to Westin.
"As the device is utilizing both [Wi-Fi and Bluetooth], it will also be interesting to see how that data can be used to track individuals in physical spaces, as this has both security and privacy implications, not just from a malicious attacker's perspective, but also [as a target of] overzealous marketing. The fact the Apple Watch also integrates third-party apps could also increase security and privacy concerns."
Phil Barnett, VP and GM EMEA of Good Technology, cautioned that workers bringing wearables into the workplace means that BYOD policies need to be reviewed.
“We’ve seen BYOD for smartphones on mobiles and tablets – wearables are the next piece of glass for presenting data," said Barnett. "They present a huge opportunity for productivity, but need security measures in place before businesses will be truly comfortable using them across the enterprise. Encrypting data passing over the Bluetooth channel and containerising corporate data will help to secure and control it. Fine-grain policy controls will let you trade off the risks and rewards of using these new devices."
A recent survey by Trend Micro found that the majority (79 per cent) of European organisations are seeing an increasing number of wearable devices into the workplace. The poll, which involved a survey of 800 senior IT decision-makers across Europe and the Middle East, found that attempts to boost staff productivity as part of the BYOD programme or as a requirement as part of the business insurance policy is pushing wearables into the workplace.
Despite security concerns, more than three in four of those surveyed (77 per cent) are "actively encouraging" wearables. An estimated 4.6 million smart wearable bands shipped in 2014, a volume that is likely to move up a gear with the imminent availability of the Apple Watch. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust