Computerworld

INSIGHT: Why security concerns around wearables remain

"Wearable technology will without doubt open doors for hackers who wish to gather information about consumers."

If this year’s Consumer Electronics Show (CES) is anything to go by, wearable technology from fitness tracking bracelets, touchscreen smart watches, smart shirts and strap-on heart rate monitors will become more mainstream among consumers as 2015 rolls on.

According to Geoff Webb, Senior Director, Solution Strategy at NetIQ, wearable technology will without doubt open doors for hackers who wish to gather information about consumers.

“Hackers will use those devices as points of access to gain entry to other systems both in our home and in our offices,” he claims.

Webb believes that the simple fact is that security, good security, costs.

“It costs in terms of features and development time, it costs in terms of usability, and it costs energy,” he explains.

“The question is whether customers would be willing to have a device that runs out of power more regularly, and is harder to set up and use, in return for a fairly abstract concept like ‘better security.’

“Based on everything we've seen in the business and consumer IT worlds for the past two decades or more, that seems like an unlikely trade-off.”

Despite suggestions that wearable technology will almost certainly form elements of user authentication, Webb believes it's likely to be a small subset of the devices out there, “since the technology itself must be trustworthy if we are to use it for authentication.”

Webb believes that more likely is the capability to introduce greater biometric-based authentication, especially behavioural-based.

“For example,” he explains, “if a consumer has several items of wearable tech, then data from these can be aggregated to form part of an authentication method, especially when it comes to how the consumer uses them, the devices’ interaction with the consumer and each other, and so on.”

Webb concludes that while wearable tech means consumers will have more options and more ways to combine those options, they must also understand which technologies can form part of that authentication step, and what role they will play.