ORIGINAL ARTICLE BY: Waleed Bin Qaim y Raúl Casanova-Marqués
A wearable is a mobile device that humans can comfortably wear and carry during their daily routine. It is composed of several sensors, computing and communication units to observe, record and communicate some physical phenomena that occur around the device. The different wearable devices available in the market today include smart watches, smart glasses, wrist bands, smart shoes, smart helmets, smart jewelry, adhesive skin patches, implants, etc. These devices are currently used for a wide range of applications such as healthcare, sports, activity recognition, tracking, sleep pattern detection, and various gaming and fun devices such as virtual and augmented reality headsets etc.
Portable devices and personal electronic gadgets are becoming increasingly popular with consumers. According to some recent statistics, market trends indicate that wearable technology is expected to reach $ 52 billion by the end of 2020, which is around 27% more compared to 2019. The reason behind this is ease of use. use that wearables provide the user with a plethora of different useful applications. For example, with a smart watch, a user can get instant updates on calls, text messages, weather updates, meeting reminders, the number of calories burned each day, health indicators, etc.
Over the years, there have been significant advancements in the general design of wearable devices. For example, if we take a look at the recently released Apple Watch 6, it has many advanced features like blood oxygen monitor, ECG, heart rate, sleep monitor, advanced fitness app, music, maps, cellular connectivity, and so on. At the hardware level, portable devices are becoming more powerful with a variety of different sensors, powerful computing units, and multiple connectivity options. However, the limited battery life is still the bottleneck. Therefore, manufacturers are always trying to extend the battery life of the device through different hardware and software techniques that sometimes also compromise important features such as security and privacy; driven by consumers’ preference to buy devices that have long-lasting batteries.
Wearables often carry personal and confidential information associated with an individual. The information detected can be the user’s body temperature, heartbeat, location, steps walked, mood and stress levels, etc. Furthermore, the portable devices can also be used for easy payments during purchases using near field communication (NFC) instead of using the credit / debit card every time. Therefore, all of these types of information and personal data that portable devices generate and use are highly sensitive and can be prime targets for hackers and malicious attackers trying to exploit such personal data.
Conventionally, wearables used to be standalone devices capable of some limited tasks. However, with recent advancements, wearables are now equipped with multiple internet connectivity options. Most wearables connect to the Internet through some gateway node; which is the user’s smartphone in most settings. However, some newer wearables are also equipped with direct Internet connectivity options, such as WiFi and cellular connectivity; thus, it makes them more prone to security threats from the outside world. From a network security perspective, portable device security threats can be classified into three different categories, namely threats to confidentiality, threats to integrity, and threats to availability.
Confidentiality threats generally involve unauthorized attackers accessing information communicated to / from portable devices by exploiting the shared nature of the wireless channel used for communication and then misusing the information obtained. Most confidentiality attacks on portable devices are due to minimalist implementations of communication technologies by device manufacturers by bypassing strong authentication mechanisms in an attempt to conserve resources.
Threats to integrity are intended to alter the actual information that is communicated. Data integrity is violated primarily due to the lack of strong authentication mechanisms and data encryption techniques. Due to the large volume of data generated by portable devices, manufacturers prefer to simply communicate simple data rather than apply data encryption, which negatively affects battery life. Device integrity is also associated with confidentiality, and if confidentiality is ensured, threats to integrity are automatically reduced.
Finally, availability threats try to make the handheld device inaccessible to authorized users, such as the denial of service attack. Although these attacks are not very common, they can render the handheld unable to pair with the gateway and / or flood the handheld with huge irrelevant requests to make it busy and unavailable to an authorized user. Furthermore, a large number of fake inquiries to the wearable device can also result in a rapid drain on the device’s battery.
