Tech firms ignoring wearables and Internet of Things security risks

New legislation needed for wearable technologies, says Symantec

DUBLIN: Companies are ignoring serious security issues in their rush to release next-generation wearable devices, according to Symantec.

Symantec security strategist Sian John (pictured left) said businesses are failing to design wearable smart devices with security in mind, despite the potential damage hackers could inflict, during a briefing attended by V3.

"We're still connecting things first and securing them after. This is because we live in a consumerised world where there's a need for businesses to release devices at a competitive price point. In general this means they primarily invest in things like fashion and marketing, leaving little room for security," she said.

"The reality is whatever technology step you take there will always be a hack for it. As soon as we create something new people will ask, ‘What can I do to take advantage of it and how can I benefit?' So, every time we find a new way of doing something, someone will find a way to take advantage of that. As a result when we go to the Internet of Things a hack will come out of it."

John said the attack is particularly dangerous as the companies powering the wearable technology revolution, such as Google, will use the devices to collect and store vast amounts of customer data.

"If you look at Google or social sites their motivation is to get behavioural information about someone to do analytics. They expand this with mobile devices and wearable technology," she said. "While this data may not be of direct interest to criminals, it can have a cumulative effect. The more information criminals have, the easier it is for them to target you."

The Symantec strategist said to safely deploy wearable technology, technology companies will have to begin designing the devices with security in mind, a move that could require new government legislation.

"We're not at the point where creators are building things with security in mind. They're not thinking about the cyber risk," she said. "Given that people aren't designing devices with privacy baked in, the government needs to step in and make sure devices are built with security in mind from the start. Competitive pressures mean they won't do it themselves."

John is one of many security experts to call for companies to design their products with security in mind from the start. Intel president Renée James argued that companies need to drop archaic opt-in security models and begin designing products with fully integrated security from the start during a keynote at McAfee Focus in October 2013.

John's comments come just weeks after Google unveiled its smartwatch-focused Android Wear operating system. Google head of Enterprise in Northern Europe Thomas Davies warned CIOs earlier in April that they must begin preparing their systems to securely support wearable operating systems, such as Android Wear, as the ongoing bring-your-own-device trend means employees will use them for work purposes with or without permission.