Cloud Backup
 

We`re just sending through your details

Please give us a few moments whilst we get your account ready.

OKAY

How strong is your smartwatch's data security?

How strong is your smartwatch's data security?

posted in Cyber-Security ● 18 Apr 2017

In a society where health and wellness are no longer buzzwords but real things people have adopted as part of a balanced lifestyle, we need devices that keep us aware and informed – to be the catalysts that drive us to action. But while the Internet of things (IoT) has allowed smart wearables to become commonplace in today’s households and workplaces, big adoption can spell bigger risks for data security.

Popular opinion

Since it’s popular opinion pushing the sales of smart wearables to new heights, ISACA (previously known as the Information Systems Audit and Control Association) surveyed 1,001 employed consumers of connected devices in the UK. The results showed that around 60% of respondents proactively tried to manage the privacy and data security settings on their devices but only 36% felt that information gathered on their smartwatches (and 29% on their smart glasses) was private. Only 21% thought their smartwatches were actually secure.

First, the bad news

Inadvertently confirming popular opinion, HP went ahead and conducted a study on ten popular iOS and Android-based smartwatches. They found “…numerous security concerns…” on these devices while performing a battery of security tests (known as HP Fortify). Here are some of the most noteworthy problems found:

  • Insufficient user authentication. Things like limits on the number of failed password attempts and two-factor authentication were found lacking in 3 devices.
  • Network vulnerability. Four in ten devices still used the POODLE-vulnerable SSL v2 encryption ciphers.
  • Insecure interfaces. Since 3 of the devices had cloud access, the mechanism used here would allow hackers to determine which cloud accounts were valid by using the “reset password” procedure.
  • Insecure software/firmware updates. Seven in ten devices showed vulnerability in that their software and firmware updates were not encrypted allowing eavesdroppers to download and analyse them.
  • Exposed personal details. The lack of data security mentioned above raises the risk of exposing personal details gathered by the devices, such as names, addresses, dates of birth, and notably health and fitness information.

Now the good news

Strides are being made with developing better data security legislation in the EU. The rights of the individual are in focus and how their personal information is to be protected. The Data Protection Directive (95/46/EC) has been blamed for being outmoded, which has sparked the need for legislation that better considers the nature of connected devices in the IoT.

Although currently a work in progress, the new General Data Protection Regulation (GDPR) will elaborate on aspects of the existing Directive but will supersede it, once it’s adopted by as early as 2016. Among other things, it aims to address the wearable device sector with better descriptions of what constitutes private data, how said data can be collected, and in what form it should be transmitted, if at all.

But in the meantime

There are some things you can do to protect yourself. HP had the following recommendations to help consumers from falling victim to bad data security:

“… that users do not enable sensitive access control functions such as car or home access unless strong authorization is offered. In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data.”

So, while you look good doing that thing you do with your snazzy smartwatch, take care of your devices and their data as much as you take care yourself.

How machine learning combats threats like the Kaseya ransomware attack that targeted MSPs

The recent ransomware attack on Kaseya, a cloud-based IT and security management provider services company that supplies tech-management tools to customers worldwide, has the potential to be the most serious cyber-criminal incident this year.

Continue reading

H1 updates create broadest platform support

Redstor adds AI and analytics to smart data management service and now offers support for OneNote, Kubernetes and Salesforce following major updates delivered in H1

Continue reading

Your Salesforce data protection responsibilities

Businesses often neglect the need to back up Salesforce in the belief that SaaS application vendors already provide all the data protection they need.

Continue reading