Monday, March 31, 2014

[dwaterson] Android Wear OS security issues

Last week, Google announced the launch of Android Wear – a new operating system for wearable computing. Wearable devices currently are in the form of glasses, braces and watches. With the advent of Android Wear, many more devices will come to market – smartwatches, fitness monitors, health devices, spectacles, and other wearable computers including those built into clothing. It is now a much simpler task for example, for a watch manufacturer with no experience in software, to produce a smartwatch running Android Wear and apps written by independent developers.


The Android Wear operating system supports both square and circular displays. It also supportsgeofences – enabling an app to take the wearer’s location into consideration (such as notify coffee shops nearby). The operating system can also recognise the user’s current activity, such as walking, cycling or driving, and provide appropriate notifications.
As a standardised operating system for multiple devices, Android Wear will do a lot to propel the advancement of wearable computing. And there are many competent Android java developers eager to build useful apps. Airflight check-ins can be simplified by swiping a QR code on the smartwatch against a scanner. Similarly, event ticketing can be performed quickly and simply. Weather and temperature data, together with SMSs, can be output through the smartwatch. Sony have even patented a SmartWig – coupled with powerpoint it could enable a presenter to flick to the next slide by raising an eyebrow. No mention is made of what will happen to the slides if the presenter gets a big surprise. The potential applications for wearable computing are enormous.
As the number of computing devices worn by individuals increases, so too will security vulnerabilities rise. Security risks include:
- The transmission of data. Wearable computers will tend to be connected to the user’s smartphone, to cloud storage, and/or to the internet. Transmitting sensitive data needs to be done securely.
- Android is based on the Linux kernel. So far, malware on the Android smartphone has focussed on the higher levels of the operating system – at userland level where most apps reside. It is only a matter of time however, that Android malware developers delve deeper into the Linux kernel and create more powerful malware.
- Wearable computers will provide a potential access point into the smartphone, opening up to risk sensitive data stored on the smartphone.
- Shoulder-surfing takes on a whole new dimension with widespread use of smart spectacles.
Already, spyware has been developed for smart spectacles. In this proof of concept, the spyware snaps a photo every 10 seconds, sharing what the wearer is seeing. Researchers have also highlighted the threats of wearable computing in scenarios such as counting cards at a casino or cheating in an exam.
It is significant that the Google license prevents Android Wear OS being used for protected health information covered by HIPAA (Health Insurance Portability and Accountability Act). Google themselves recognise the potential security threats of theft of sensitive personal data.
The advent of Android Ware OS is an exciting development which will hasten widespread market acceptance of wearable computing. However, significant security issues such as those highlighted here, will need to be addressed to protect customer data.

No comments:

Post a Comment