Monday, 10 June 2013

Wearable Technologies & Security


Many high-tech companies are researching wearable technologies, i.e. things that you can wear and help to make your life easier. Probably causing the biggest stir in the technology community recently are smart glasses, with Google Glass being the primary example.
Giving you visual aid with augmented reality is a fascinating thought for me. But it also sparked the discussion on what should be allowed regarding the respect of privacy. Do you need to inform your friends whenever you are filming them?
Maybe a red LED in your glasses should turn on whenever you are recording, taking the term “evil eye” to a whole new level. If you search the Web for people who are planning on extending the built-in functionality of the Google Glass, you will come across all kinds of interesting integration ideas, including the controversial face-recognition feature.
But there are quite a few other wearable devices worth discussing. From smart bracelets and intelligent shoes to watches that can interact with other objects all devices that are available to purchase. Recently at the D: All things Digital conference (D11), a few more prototypes were revealed to the public.
For example, Motorola demonstrated an electronic circuit tattoo that could be used to authenticate a person, acting as a key. They even went one step further and introduced a pill that would be able to transmit a signal from within your body once swallowed. Both ideas would render your body into something like a password token – something you are  that could be used for authentication purposes.
Of course, we already have similar technologies my car opens magically at the touch of my finger. Or RFID cards that you can wear in your pocket. Not forgetting biometric factors. After all, your fingerprint is something you always have with you. Unfortunately, fingerprint readers are not contactless, so it might not be as convenient as the wireless technology.
Conversely, broadcasting signals always raises concerns about privacy and tracking. We have seen this concern in most countries where RFID passports were introduced. Even if you can’t extract the secret key from the chip to impersonate someone, you might still be able to generate a digital fingerprint response that allows you to start creating a tracking profile.
This is one of the reasons that many people are using faraday-cadging wallets that block any unwanted RFID reading. I don’t think that we will have to wear faraday shield T-shirts anytime soon, but those are some of the challenges that we need to solve with regards to wearable authentication tokens when we want to have a broad acceptance rate.
Still, it is an interesting field and would definitely help some people who always forget their passwords – unless, of course, they forget to take their pill. It could also solve the problem of weak passwords as they would be strong by default and could act as a master password for a password safe.
But we will have to wait and see how these concepts get implemented and if people are willing to wear such devices. Depending on this, it might still be possible to attack these systems, or just steal an authenticated session by ignoring the password completely.
In any case, we at Symantec are curious about what the future holds and are closely monitoring scam emails to see if they begin asking you to send your pill to them instead of offering cheap pills for you.

No comments:

Post a Comment