Apple never likes to use other’s buzzwords, so the new Apple Watch isn’t “wearable tech” or “The Internet of Things (IoT)”. Instead, it is just Apple Watch. But this intelligent little bracelet is every bit wearable tech and IoT, and it comes with all the security risks of every other IoT device. Strike that. Because of the potential to sell millions of these $350 (starting price) doohickeys, it may be the biggest IoT threat yet.
A watch seems innocent enough, but any IP device can be a problem. The watch can store mail, other messages and different types of data, meaning it can be a conduit for data leakage. Because it can control the iPhone’s camera remotely, it may pose security and privacy risks too.
The biggest problem is that the Apple Watch is also prone to be commandeered through a little nasty thing called a “ThingBot”, which is a bot that exploits The Internet of Things. Do you think a ThingBot isn’t a threat? One ThingBot alone spread 750,000 spam and phishing messages after taking over 100,000 IoT devices.
Apple isn’t the only one in the IoT game. Microsoft also has a watch, and Google hopes to dominate home-automation with its $3.2 billion buyout of Nest that offers IP thermostats and other IoT devices. The result of all this is a shocking 212 billion IoT devices by 2020, researchers predict. Hackers tend to attack those systems that are most prevalent, which is why Microsoft Windows is such a target.
The more successful the Apple Watch is, the more of a problem it may pose. The Apple Watch can connect in two ways – either through WiFi or through Bluetooth – both eminently hackable modes of connection.
GFI understands this issue: “One thing that all smart watches share is their impact on data access, data security and IT management. With Apple’s arrival in the market, 2015 will undoubtedly see significant market growth for wearable technology, with individuals buying them in volume, pairing them with smartphones and tablets and by extension, making them an immediate consideration and concern for company IT departments,” explains GFI general manager Sergio Galindo. He continues:
“As with the BYOD phenomenon of the last couple of years, companies need to be aware of the implications of WYOD (Wear Your Own Device) and put measures in place to manage the influx of smart watches, ensuring that watches paired with devices that have access to work email and data sources don’t become a weak security point that can be exploited if a watch is lost, stolen or hacked. As they did with tablets and smart phones, employees will expect their employer to embrace and support these devices. Companies need to decide if it’s in their best interests to capitulate fully or partially, and also need to decide how to augment IT policy to reflect how these devices will be used in conjunction with sensitive data sources and communications platforms.”
IT professionals already understand these IoT issues and many have specific plans to address them, according to a GFI Software survey. Almost all, or 96.5% of those IT pros surveyed, believe IoT will have a negative impact, and 55% believe that negative impact will be security.
So what does the future hold with the expected proliferation of IoT such as the Apple Watch? Greater focus will be put on security, which will also mean increased pressures on sysadmins. As devices go wireless, security priorities will need to shift to accommodate these changes and surely we will see a more extended use of firewalls and MDMs.