IEEE provides insight on security design vulnerabilities in wearables
The Institute of Electrical and Electronics Engineers (IEEE) has examined potential security vulnerabilities in wearable devices in its latest report.
The study, entitled “WearFit: Security Design Analysis of a Wearable Fitness Tracker”, makes use of a fabricated wearable fitness tracking system, dubbed WearFit, in order to illustrate these flaws via a security analysis.
The report uses the fictitious wearable in context with what IEEE perceives to be the top 10 software security design flaws; among them, correct use of cryptography, identifying sensitive data, and using an authentication mechanism that cannot be bypassed or tampered with.
Jacob West, founding member of the IEEE Center for Secure Design, and chief security products architect at NetSuite, said: “Broadly speaking, security is a real concern whenever technology is involved. While this concern shouldn’t prevent the adoption of technology, we hope that by reading this design analysis, consumers gain a better understanding of the kinds of attacks that can impact wearable fitness trackers, and the good design decisions that can prevent those attacks from succeeding.”
Adoption of connected devices including cars, appliances and wearables is on the rise and industry analysts hold that close to half of the population is expected to use wearable fitness-tracking devices by 2019. As a result, ensuring the security of such devices is of utmost importance. WearFit’s design is based on real-world systems and its architecture and various components represent potential attack surfaces.
West added: “For security professionals, we highlight the importance of building security in from the design of the software all the way through the development and testing, until it is eventually brought to market. With WearFit: Security Design Analysis of a Wearable Fitness Tracker, our goal is to expand the focus to include a balanced approach that looks at design flaws and identifies ways that manufacturers can avoid vulnerabilities and bugs by the nature of the way the device is built.”