Smart Wearables and Cloud Security: The Rise of Mobile Malware

When you look at the greatest technological advances of the past several decades, it's clear that software has taken the lead. While hardware continues to improve, get smaller and do more with less, it's software that has enabled feature-rich operating systems that can exist on an interface barely larger than your hand. Hardware has maintained a more or less consistent form. It's no wonder then that many corporations are still painfully in the dark ages when it comes to the increase in the BYOD ecosystem. As the new Apple Watch and other smart watches begin to hit the scene, it's going to become increasingly difficult for network engineers to keep company networks secure. Even The Federal Trade Commission has warned about the threats posed by these small, connected devices stating that the data they collect should be limited for security reasons.

When new hardware does come onto the scene, it's widely talked about and speculated upon. Google Glass has failed to catch on so far, but the Apple Watch is likely to spur growth in the smartwatch industry and encourage other manufacturers to create their own versions. Google's Android Wear selection has already entered the market with good success. However, the Apple Watch is likely to be the most popular new piece of hardware introduced in 2015. A boon for Apple, and a virtual nightmare for IT administrators.

Improving Defenses

Many companies are looking to products that have high levels of protection against many existing threats. Office 365 security includes global threat intelligence, active link protection, spam control, email archiving and encryption. In response to the increase in interest and potential market of the new Apple Watch, Office 365 has adopted technologies that support Apple's Swift programming language. This makes it even more likely that the BYOD culture will become a growing issue for corporations that are attempting to protect and secure customer and company information.

The risks of mobile malware are real, and companies have been documenting the threats and their ability to enable a long-term rise in mobile malware. Much of the malware comes in the form of apps, but Apple has maintained fairly good control over malicious apps by vetting all new app developers and providing end-users apps installable only through the App Store. Even though the Apple Watch and other smart wearables have fewer features and capabilities than a laptop, tablet or smartphone, they still pose security risks for various reasons:

  • Data Connections: Smart watches don't typically have their own Wi-Fi or cellular capabilities. This means that to program these devices, a connection to a smartphone or computer is required. This makes it possible for a threat to infiltrate a watch by the way of the smartphone's operating system.

  • Plain Text Transmission: Many of the apps on smart watches use plain-text transmission of information. This information can be wirelessly transferred via Bluetooth to the smartphone or computer in plain text. Bluetooth scanners can easily intercept this information.

  • Password Recovery: At the 2014 Black Hat Conference, a research showed that data like passwords could be lifted from a smart watch. Employees that mistakenly believe their watches can store company passwords securely may be in for a surprise as this technology improves.

The Internet of Everything (IoE) is expected to encompass billions of IP-enabled devices in the future. The smartwatch is expected to play a major role in its development. As these devices infiltrate our daily lives in non-intrusive and often secretive ways, it will become more difficult for engineers in corporations to plan for and protect against every possible threat. Networks may become increasingly compromised as information stored on a smart watch or via cloud computing may become available to the IoE. Especially as the technology for smart watches improves, it will become increasingly likely that an employee may walk out of the office with an important blueprint, electronic document or sensitive company data strapped to their wrist.

Being Proactive

So, what can companies do to protect their networks from these sorts of risks? Besides instituting policies against the use of these items in the workplace, it will become increasing important to have all data removed from company computers authenticated and accounted for. Some companies are developing improved technologies like radio frequency monitoring to detect unusual frequencies within a network environment. Software and sensors can make a company's network more secure by alerting IT staff of unusual activity. While radio frequency monitoring can't prevent the unauthorized access of company documents, the technology can identify the compromised device with an accuracy of several feet.

As with all things in the IT security field, as new threats become apparent, new solutions will be developed to protect companies from vulnerabilities. In the interim, it's a good idea for companies to take a conservative approach to allowing the use of connectable devices. In the beginning, it will be mostly up to the manufacturers of these watches to develop responsible privacy and security standards. Companies can protect themselves by responsibly managing, securely archiving and deleting old data once it's no longer needed by the company or organization.