Wearable devices are a growing class of technology worn by a user to relay information between the user and the surrounding environment. They belong to the group of devices termed the Internet of Things (IoT). These devices have found a remarkably thriving market in the health industry, relaying vital information about a user’s health and wellbeing, for example the user’s heartbeat rate. Like any other IoT device, however, they face many threats with negative impacts, including manipulation of user data. The devices are commonly worn, and thus functional, throughout the day; this makes them more vulnerable. The sections below discuss the history of wearable devices and their intended importance to society. The actual threats are then highlighted, beginning with the nature of each attack and the aspect of the wearable device it targets, together with the nature of the wearables that makes them prone to attack. Finally, measures to mitigate the threats are explained and a conclusion is given.
As indicated above, wearable devices are part of the Internet of Things (IoT): devices that are capable of communicating with each other and with the user through the internet. These devices became particularly popular because they help monitor the wellbeing of the user. Approximately 61 million units of fitness trackers were sold in 2016, and it was further estimated that by 2020 the number of units would have grown to over 187 million (Mnjama J. et al, 66).
A wearable device is, in essence, a Bluetooth chip and a battery enclosed in a wristwatch, bracelet or pair of glasses, or woven into clothes. Examples of such devices are the Fitbit and Jawbone Up fitness trackers, the Nike+ Sport band and iHealth’s wireless pulse oximeter. The user data acquired includes time, calories burned, sleep quality, steps taken, floors climbed, water consumed and heart rate, among others. Wearable devices cannot display this data and its analytics to the user and thus have to be connected to an app on a smartphone (Mnjama J. et al, 67). The app displays the data from the wearable and, through analytic tools, what the data implies for the user; for example, it can recommend that the user drink more water. To provide such analysis the app is in turn connected to a cloud-based analysis tool. The cloud services also store the user's data. A user therefore has to be connected to the internet to access the cloud services and benefit from the wearable device.
Wearables are very significant to society. As the nature of the data they collect shows, they are able to monitor and promote the wellbeing of a user. Such data, termed Patient Generated Health Data (Mnjama J. et al, 67), enhances patient-physician interaction if it is connected to the Electronic Health Record System of a medical institution (Mnjama J. et al, 67).
Since wearable devices deal with personalized user data, any breach of security can lead to manipulation of data. A threat is therefore any transgression that can lead to manipulation of sensitive user data. Table 1 sets out the different types of threats, how they manifest themselves and the privacy concerns they generate.
Table 1. Threats
Name | Description |
1. Third-Party Analytics | This threat occurs when an attacker intercepts communication from the mobile app to the analytic tool. User data such as behavior and user activity is collected (Mnjama J. et al, 69). |
2. Lack of Access Codes | Many fitness trackers lack access codes due to interface challenges. A report showed that 50% of fitness trackers lacked a PIN or a password, allowing an attacker access (Mnjama J. et al, 69). |
3. Location Tracking | Since Bluetooth signals send a unique ID, attackers can use this and the GPS sensors to track user location (Mnjama J. et al, 69). |
4. Lack of Privacy Policy | Many health applications lack policies that give users control over the amount and state of data they give to the applications. As such, collected data is used at the discretion of the health application only (Mnjama J. et al, 69). |
5. Insecure Data Storage | Poorly encrypted data and cached data, at both the app level and the cloud level, can lead to data leaks (Mnjama J. et al, 69). |
6. Weak Server-Side Controls | Poorly configured servers and servers lacking up-to-date security measures result in data losses (Mnjama J. et al, 69). |
7. Insufficient Transport Layer Protection | Some applications fail to include digital certificates in their HTTP (Hyper Text Transfer Protocol) communication while others communicate in plain text, putting the transferred data at risk (Mnjama J. et al, 69). |
8. Client-Side Injection | Mobile apps and websites without the necessary security controls are vulnerable to SQL injection, a threat that inserts malicious SQL queries to manipulate servers (Mnjama J. et al, 69). |
9. Poor Authorization and Authentication | Some mobile apps allow for offline interaction, so poor authentication and authorization by the apps can allow passwords to be manipulated (Mnjama J. et al, 69). |
10. Improper Session Handling | Session cookies are issued by a server as a security measure that limits the amount of time a user stays connected to the service after authentication. Improper session handling through inappropriate procedures can create an opening for attack (Mnjama J. et al, 69). |
11. Unintended Data Leakage | The digital infrastructure (hardware and operating system) continuously changes with time, and a health app should continually change as well to interact with it accordingly, lest gaps exist that cause data loss (Mnjama J. et al, 70). |
12. Security Decisions via Untrusted Inputs | Applications receive data from various sources through IPC (Inter Process Communication). Such communication can admit data from untrusted sources. Requests for sensitive data should call for user input (Mnjama J. et al, 70). |
13. Lack of Binary Protection | Attackers can reverse engineer an application and claim ownership if the application is not binary protected at its development level (Mnjama J. et al, 70). |
14. Broken Cryptography | Unpatched encryption techniques and algorithms can result in private data loss (Mnjama J. et al, 70). |
For better analysis, the threats are classified using threat assessment models. The literature identifies two helpful models: CIA and STRIDE. CIA stands for Confidentiality, Integrity and Availability. This means that the threats discussed above can be grouped into those that affect the confidentiality of the data, those that affect its integrity and those that make it unavailable. STRIDE stands for Spoofing (posing as data from legitimate sources when it originates from attackers), Tampering (interfering with the data from wearable devices), Repudiation (preventing authentication of the sources of data), Information Disclosure (causing leaks of information), Denial of Service (denying users access to the app services) and Elevation of Privilege (giving an attacker access that was otherwise denied to them) (Mnjama J. et al, 68).
The above assessment models can be further simplified to six factors, also called consumer factors because they pertain to threats to consumer wearable technology. They are Authentication, Authorization, Availability, Confidentiality, Integrity and Non-Repudiation (Mnjama J. et al, 71). Table 2 below summarizes the consumer factors and the privacy threats pertaining to them.
Table 2. Consumer Factors
Authentication | Authorization | Availability | Confidentiality | Non-Repudiation | Integrity |
Lack of Access Codes | Lack of access codes | Third-Party Analytics | Third-Party Analytics |
Privacy Policy Poor |
Insecure Data Storage |
Weak server side controls | Weak Server Side Controls | Insecure Data Storage | Location Tracking | Insufficient Transport Layer Protection | Weak Server Side Controls |
Poor Authorization and Authentication | Poor Authorization and Authentication | Weak Server Side Controls | Lack of Privacy Policy | Authorization and Authentication | Insufficient Transport Layer Protection |
Security Decisions via Untrusted Inputs | Improper Session Handling | Insufficient Transport Layer Protection | Weak Server Side Controls | Client-Side Injection | |
Security Decisions via Untrusted Inputs | Client Side Injection | Insufficient Transport Layer Protection | Poor Authorization and Authentication | ||
Broken Cryptography | Client-Side Injection | Improper Session Handling | |||
Improper Session Handling | Broken Cryptography | ||||
Unintended Data Leakage | |||||
Broken Cryptography |
The nature of wearables makes them particularly prone to threats. This covers their architecture, the data they handle and their range of functionality. A wearable device’s architecture consists of both hardware and software. Since the hardware used to manufacture the wearable device is resource-constrained (small bandwidth and small storage space), only lightweight encryption methods are used, resulting in security flaws. From a software perspective, common operating systems are used, which are highly vulnerable. Equally, an application is only as secure as its developer makes it, and when a bug is found no one is responsible for patching it (Siboni S., 26:3).
Wearables are constantly connected to the internet, either directly through Wi-Fi or indirectly via Bluetooth. Since these wearable devices are built with advanced features in mind rather than security measures, they are exposed to attacks such as Denial of Service (DoS), data leakage and man-in-the-middle (MITM) attacks, among other traditional attacks (Siboni S., 26:3). Furthermore, as the number of wearable devices grows they consume more bandwidth, which makes them viable points of entry for attacks on a network.
Their data collection features further make them prone to threats. Data is becoming an increasingly valuable asset because of its commercial benefits. As a result, more organizations are incorporating wearable devices into their dealings with clients. Organizations can thus use policies to deprive users of their rights to their data. On the other hand, such wearables can reveal important company information. Either case presents a security concern. Finally, in the event of theft or loss of a wearable device, the personally identifiable information can easily be stolen (Siboni S., 26:4).
It is thus imperative to mitigate the threats wearable devices face so that consumers can use them efficiently. Threats can be assessed from three viewpoints: the Asset viewpoint, the Attacker viewpoint and the System viewpoint. Threats are easier to tackle when examined from these viewpoints.
From the attacker’s point of view, researchers performed an experiment to reverse engineer user PINs entered on the keypads of external machines such as ATMs and electronic door locks. In the experiment they aimed to use the sensors in wearables to determine the user's hand movement while entering the PIN or password, and thus to reverse engineer the password (Chen W. et al, 647). Their research is particularly significant as it highlights the vulnerabilities in wearable devices.
The Asset point of view concerns threats facing data, because data is the single most valuable asset in wearable devices. Data privacy and confidentiality threats arise mostly from privacy policies (Paul G., n.p). In another study, the privacy policies of wearable devices from different companies were discussed, namely Fitbit, Jawbone, Nike+ and BASIS.
It was evident that such policies exposed user data to a number of privacy and security threats. None of the devices tested allowed for offline usage, meaning users had to log on to the website, exposing their data to security threats. Further, only a few companies stated in their policies that they would not use data for commercial purposes: Jawbone and Nike+. Jawbone and Nike+ were also the only companies that allowed users to retain control of and rights to their data. None of the companies agreed to notify users of policy changes. Only the Fitbit and BASIS policies agreed not to gather user information from other sources. Only BASIS allowed for no provision of GPS location. Finally, only Nike+ permits complete data removal while the others do not (Paul G., n.p).
To preserve privacy from an asset point of view, an ideal platform should allow for offline usage. Additionally, cloud-based features should be optional and should clearly inform users how the data they upload will be used. Privacy policies should give users full control of their data, including the ability to erase it at will. User data should further be encrypted at a per-user level, limiting the service provider from accessing sensitive data (Paul G., n.p). Finally, to ensure users are not caught unawares by policy changes, companies should notify users of changes.
The system point of view accounts for the bulk of the threats to wearable devices. Knowledge of the architecture of the system therefore gives a better understanding of how to mitigate system attacks.
A wearable device architecture consists of three phases: phase 1 is the tracker, phase 2 the mobile application and phase 3 the cloud server. The connection between phase 1 and phase 2 happens via Bluetooth, while the connection between phases 2 and 3 happens via Wi-Fi. In another study (Walter C. et al, 31), the Bluetooth connection is described as consisting of both active and passive devices. A MAPE-K (Mapping, Analysis, Planning and Execution) planning system is used to create a solution for the mobile application, also called the base station. The solution arrived at is to send empty packet data to the base station in the event of an anomaly. This solution worked for active Bluetooth devices such as Fitbit.
DTU Compute carried out research on two wearable devices, the Jawbone UP Move and the Fitbit Charge, to analyze architectural design flaws. It was discovered that the Wi-Fi connection (phase 2 to 3) faced several threats. For example, the Jawbone UP Move did not have valid server certificates (Goyal R. et al, 136).
To effectively mitigate attacks from all viewpoints, a security testbed framework is recommended (Siboni S. et al, 26:2). In this framework a wearable device is put through simulated real-life conditions to assess whether it passes the standard security tests. The testbed should consist of a Device under Test, a Testing Environment, Security Testing steps, Simulator Arrays, Communication Channels, Protocol Analysis, OS Compatibility, Data Forensic Analysis, Management and Report Mechanisms, User Intervention and Automation, and Testbed Enhancement Capability.
Several tests are performed by a testbed. They include Scanning: the testbed tries to detect a wearable on a wireless communication channel; Fingerprinting: monitoring communication traffic to obtain device data; Process Enumeration: the testbed monitors wearable activities to get CPU and memory consumption data; Data Leakage: checks whether communication data is encrypted or plain text and assesses leaks; Side Channel Attacks: collecting data and analyzing it with respect to an event in the wearable; Data Collection: tests whether an application on a wearable collects sensor data; Management Access: attempts to access the management interface; Breaking Encrypted Traffic: applies techniques to interrupt encrypted communication; Masquerade Attack: attempts to create a communication on behalf of a wearable device; Communication Delay Attacks: delays the delivery of traffic between wearable and server; Communication Tampering: attempts to manipulate data sent from a wearable to the server; Vulnerability Scan: searches for additional threat points in the wearable (Siboni S. et al, 26:7).
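The Data Leakage test in the list above, sketched as an added example (it is not code from Siboni et al. or from any testbed the essay cites): each captured message is classified as plain text or likely encrypted, and sensitive fields readable in the clear are reported. The field names, the 0.85 entropy threshold and the sample payloads are assumptions constructed for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# Hypothetical field names modelled on the data types the essay lists
# (heart rate, steps, location); adapt them to the device under test.
SENSITIVE = {
    "email": re.compile(rb"[\w.+-]+@[\w-]+\.[\w.]+"),
    "heart_rate": re.compile(rb'"heart_rate"\s*:\s*\d+'),
    "steps": re.compile(rb'"steps"\s*:\s*\d+'),
    "gps": re.compile(rb'"lat"\s*:\s*-?\d+\.\d+'),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the payload; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def assess(payload: bytes) -> dict:
    """Classify one captured payload and list sensitive fields readable in it."""
    entropy = shannon_entropy(payload)
    # A short message cannot reach 8 bits/byte, so compare with its own ceiling.
    ceiling = min(8.0, math.log2(len(payload))) if len(payload) > 1 else 1.0
    if not payload:
        verdict = "empty"
    elif printable_ratio(payload) > 0.9:
        verdict = "plaintext"  # also base64/hex text, which needs manual review
    elif entropy / ceiling >= 0.85:  # assumed threshold, tune per device
        verdict = "likely-encrypted"
    else:
        verdict = "binary-unknown"
    leaks = sorted(k for k, rx in SENSITIVE.items() if rx.search(payload))
    return {"verdict": verdict, "entropy": round(entropy, 2), "leaks": leaks}

# Constructed samples standing in for captured tracker-to-server messages.
CAPTURE = {
    "sync_plain": b'{"user":"alice@example.com","heart_rate":72,"steps":10432}',
    # SHA-256 output used only as a random-looking stand-in for ciphertext.
    "sync_opaque": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16)),
    "frame_header": b"\x01\x00\x00\x00" * 20,
}

if __name__ == "__main__":
    for name, payload in CAPTURE.items():
        print(name, assess(payload))
```

A "plaintext" verdict with a non-empty leak list is the failing case for this test; "binary-unknown" marks structured but unencrypted framing that still deserves a manual look.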
In conclusion, wearables play a useful role in society, especially in the health sector. However, they equally present grave threats due to their nature. Fortunately, proper security measures based on the viewpoints discussed above can be put in place to mitigate the threats and provide a safer environment for the use of wearable technology.
References
Goyal R., Dragoni N. & Spognardi A. (2016). Mind the Tracker You Wear - A Security Analysis of Wearable Health Trackers. ACM 978-1-4503-3739-7/16/04. DOI: http://dx.doi.org/10.1145/2851613.2851685
Mnjama J., Foster G. & Irwin B. A Privacy and Security Threat Assessment Framework for Consumer Health Wearables
Paul G. & Irvine J. (2014). Privacy Implications of Wearable Health Devices. Copyright 2014 ACM 978-1-4503-3033-6/14/09 http://dx.doi.org/10.1145/2659651.2659683
Siboni S., Shabtai A., Tippenhauer N. O., Lee J. & Elovici Y. (2016). Advanced security testbed framework for wearable IoT devices. ACM Trans. Internet Technol. 16, 4, Article 26, 25 pages. DOI: http://dx.doi.org/10.1145/2981546
Walter C., Hale L. M. & Gamble F. R. (2016). Imposing Security Awareness on Wearables. 2016 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems. ACM. ISBN 978-1-4503-4171-4/16/05. DOI: http://dx.doi.org/10.1145/2897035.2897038
Wang C., Guo X., Chen Y., Wang Y., Liu B. (2018). Personal PIN Leakage from Wearable Devices. IEEE Transactions on Mobile Computing, Vol. 17, No. 3,