ESET Wearable Device The security of the device continues to evolve wearable device wearable device security riskwearable device We want to understand the risk of utilization in the security incident business scene and enjoy the convenience by active use.

This article re -edited the "security to be aware of when using wearable devices" published in the "Malware Information Bureau" provided by Canon Marketing Japan.

 Wearable means "can be attached to the body", and there are multiple types besides clock type such as smart watches.A typical representative is wristband type such as Fitbit, ear -wear type such as AirPods, glasses type, and ring type.Wearable devices were widely recognized by the Apple Watch announced in 2014, but did not spread.

 The wearable device is attracting attention again.Big data and AI are boosting.In September 2019, Amazon announced the smart glass "Echo Frames" equipped with Alexa, an AI audio assistant.This device does not incorporate the camera or display, but it has a small microphone and speakers, allowing Alexa to talk.Google, who once abandoned smart glasses for consumers, continued to develop corporate products, and in May 2019, the latest version of the Glass Enterprise Edition 2.Some say that Facebook has started developing smart glass.

 According to an IDC JAPAN survey published in March 2019, as if to support these trends, the number of wearable devices in global in the fourth quarter of 2018 was 59.31 million units, compared to the previous year..4 % increase.55 in Japan.It is 60,000 units, 25 compared to the same period of the previous year..It has increased by 5 %.A long time ago, smartwatches, which were premised on communication with smartphones, have a SIM built -in type that can be communicated alone, and the range of usage scenes and utilization is expanding.With the appearance of various devices in the future, further spreading will be considered.On the other hand, the spread of new devices is always next to security risks.

 A major feature of wearable devices is that they are devices attached to the body.Since it is literally installed without removing the skin, various data can be collected and utilized more than smartphones.However, the data stored in the wearable device is a good target for a crime -planned hacker, and in the unlikely event that you encounter troubles such as unauthorized access, the user's privacy will be exposed to risk.So what kind of data is accumulated in wearable devices?

・ Data collected by wearable devices

- "Voice", "Image", "Video", etc. 

 Mike and cameras equipped with wearable devices are gaining accuracy year by year. If you have a smart glass with a camera, you can transfer the scenery you are looking at as a voice data with audio.

-"Walking distance", "Location information", "Mobile route", "Altitude", "Sleep time", "Calories consumption", etc.

 Wearable devices equipped with GPS, acceleration sensors, and gyro sensors are increasing, and detailed information on movement is becoming possible.

-"Heart rate", "pulse", "body fat percentage", "muscle mass", "BMI", etc.

 With a type of wearable device that adheres to the arm, the pulse and other pulse can be measured in real time via the skin. If the body has the function of the body composition, you can also get information about the tendency of the body.

-"Name", "Address", "Credit Card Information", "Certification Information", etc.

 There are many wearable devices that are preserved with personal information called PII (Personally Identiviable Information) and payment information such as bank accounts.Recently, biometric authentication information such as fingerprint authentication, iris authentication, face authentication, etc. has been saved, and some are used for two -factor authentication.

 When using wearable devices, we understand that such very subtlety and valuable personal information is stored on the terminal and is accumulated in the database of products and services via the Internet.I have to do it.When using it, I would like to recognize the following security risks and try to make appropriate measures.

・ Physical theft 

 The device itself may be stolen because it deals with "important data".If the wearable device that I usually wear is stolen, not only the valuable data stored on the terminal will be stolen, but a malicious third party uses a device.It is also possible that it will be impersonated.If used as a two -element authentication, there is a risk that the payment function and authentication function will be misused, and will be used.

·Unauthorized access 

 The act of communication always has the risk of unauthorized access.In the case of wearable devices, unauthorized access through not only via the Internet, but also unauthorized access via Wi-Fi and Bluetooth. Unauthorized access causes risks such as data interception and hijack.Then, by displaying a fake information (such as map information, etc.) that is hacked by unauthorized access and should be displayed, it is exposed to the risk that did not expect because it acted based on that information.That could actually happen.

 When purchasing a wearable device, I would like to check the vendor security policy in advance, taking into account these risks.

 Wearable devices are also connected to the Internet, so they cannot escape from security risks.I would like to introduce some of the actual security incidents.

ESET ウェアラブルデバイスのセキュリティについて 進化し続けるウェアラブルデバイス ウェアラブルデバイスのセキュリティリスク ウェアラブルデバイスで生じたセキュリティインシデント ビジネスシーンにおいても活用の動きへ リスクを理解し、積極的な活用で利便性を享受したい

・ Personal information leak at Hong Kong's educational toy manufacturer in November 2015

 Unauthorized access causes more than 6.4 million children's personal information and more than 5 million parents.The company sold educational toys and related apps for children using computers, and there were smartwatches for children.The company's database preserved a large amount of children related to the app and parents, but the system had problems with security vulnerabilities and encryption.。System -related security incidents can happen, regardless of the company's name recognition or scale.

参考情報
https://eset-info.Canon-ITS.JP/Malware_info/Special/Detail/160119.html

・ January 2018, Leakage of location information using the fitness tracker app 

 The location information data of military officials who used the fitness tracker application used as a set with wearable devices leaked.This app records information on various sports activities, such as running and cycling, on the server.In addition to mapping driving routes, information on the driving route shared by users has been released around the world as a beautiful heat map, so that anyone can easily find activities in specific areas.As a result, the routes in military facilities and the moving routes of military officials were unintentionally released.

 In addition to leakage of unauthorized access to vendors who provide services and products, it is highly likely that the wearable device itself used will be hacked.In such a case, the first thing a malicious hacker aims for is personal information such as payment information.Leaked location information may cause burglary damage.Recently, some media reported that Amazon is under development of wearable devices that can recognize human emotions.With technology advances, the day when wearable devices collect more personal information should not be so far.

 The evolution and spread of wearable devices is not only for individuals.In the near future, it must be used in business situations.Here are some examples that are assumed.

• Improvement of employees' health management, physical condition management, and working environment 

 Wearable terminals are expected to be used in working style reform.Actually, some companies are to use a list -type wearable device to analyze the stress of employees by measuring the heartbeats during work, and to use it for subsequent health guidance and work load distribution.It is done in.

・ Business support such as remote instructions at work sites

 In the manufacturing industry, the use of smart glass and AR is progressing steadily.By installing a smart glass and working along the AR screen instructions projected in front of you, it is possible to significantly reduce the training cost of employees.In addition, even if you are contacting you, wearable devices can make hands -free calls, so it is efficient without hindering your work.

・ Monitor the status of workers to ensure safety

 For dangerous tasks such as high places and dark places, such as the construction industry, using a list -type terminal to measure the heartbeat, pulse, acceleration, etc. of the workers to prevent accidents and promptly respond after the accident.It will be.Wearable terminal sensors are evolving year by year, and it is said that an electrometer, brain wave meter, blood sugar measuring instruments, etc. will be installed in the future, and will be able to monitor more precisely.

・ Used for single sign -on of corporate systems 

 One overseas venture company is conducting demonstration experiments for contactless payments using biometric authentication utilizing the waveforms of heart rate.If this technology is practical, it will be possible to achieve a single sign -on to a corporate system with wearable devices.For example, it is not a dream for users to pass the entrance gate of the office, ride an elevator, and log in to the system just by attaching one list of terminals.

 In the future, there may be more cases in which the wearable terminals used in the office are brought in.In some cases, information that is transferred to a vendor database by wearable devices will be a confidential information of the company as well as individuals.It is necessary for companies to set information security policies in advance in anticipation of the future where such wearable devices are commonplace.

 If you use wearable devices individually, be aware of the apps that operate on that device.There are certainly malicious apps that are not secure, that is, to the outside of the information that fraudulently steals information and sends out to the outside.Before introducing the app, you should carefully check whether the publisher is a trusted company or organization, and its privacy policy.It is not zero to infect malware with an unauthorized app or leak important personal information intentionally.As with other devices, I would like to take minimum security measures, such as updating OS and apps and securing safe communication.

 When a company uses wearable devices in business, it is also conceivable that employees will collect not only location information but also health data, such as health data, through terminals.When collecting personal information, a cautious response is required for its handling.

 The evolution of wearable devices closes the relationship between IT and us, giving you a lot of benefits through life and business.For that reason, it may be even more important to correctly recognize and face the security risks behind you.

Tweet

To the category top

この記事の編集者は以下の記事をオススメしています
ESET on ASCII必読記事
Tweets by MalwareInfo_JP
© KADOKAWA ASCII Research Laboratories, Inc. 2022

Display format: PC ⁄ Smartphone

Tags: