The device, the app and the cloud, and your development lifecycle isn’t fit enough to catch up
Black Hat Asia Wearable devices – and anything that relies on an app to help with configuration – has at least three attack surfaces and your existing secure development lifecycle probably isn’t going to cope with the complexity that creates.
So said Kavya Racharla, a security research manager for Intel’s Sports Group, and Deep Armor founder and CEO Sumanth Naropanth at the Black Hat Asia conference in Singapore today.
The pair explained that a typical wearable is developed in a hurry – often six months from conception to shipping – which doesn’t leave much time to consider all the possible security SNAFUs.
Wearables themselves have predictable security requirements: they’re computers with storage and a networking connection. But because wearables are for personal use, they can also leak personal data. Racharla said her research has revealed wearables that store the text used for voice prompts in plaintext. If that same file also stores a user’s name, that’s in plaintext too.
