Wearable technologies promise to be one of the technology trends of 2015 that will receive a great deal of attention from the mainstream technology press thanks in large part to the major corporate players looking to enter that field, including Apple and Samsung. The first series of apps that will be available for the Apple Watch, which will hit markets in mid-April, was recently announced by Apple; only one of these 24 programs is related to health and fitness. We’ve talked about the potential consumer benefits of wearables within the past few months here on IPWatchdog which noted that the industry is still in an early stage. Wearable technology still enjoys a novelty status among tech aficionados, which is allowing some companies like Apple to cash in with gold versions of its smartwatch that approach a retail price of $10,000 USD. For mainstream consumers, however, wearables are gaining a greater profile but have yet to be fully realized in most sectors, which we saw in our coverage of the 2015 Consumer Electronics Show.
At the same time, we’re seeing a great deal of concern on behalf of businesses and consumers alike about the growing security risks threatening many technologies that are being developed today. Data breaches at financial institutions and major retail outlets alike have cost those organizations hundreds of millions of dollars in the combined cost of responding to threats, reissuing bank cards and developing cybersecurity measures. The issues posed by cyber attacks on networks and communications systems has even prompted federal governmental agencies to work in concert for the development of cybersecurity guidelines that provides a framework to effectively address risks for any organization.
Consumers are very interested in knowing that their data is protected, and not simply their financial account data. However, as wearable technologies and the closely related Internet of Things continue to become more robust, there have been questions raised over the privacy of data created and transmitted by these devices as well as the capability of others to gain unauthorized remote access through a cyber attack. Technologies designed to provide fitness tracking could have the unintended consequence of giving a party gaining unauthorized access to that data the ability to track their movement. While the world awaits the advent of the Apple Watch, we thought we’d focus a wide lens on the wearable tech industry to better understand the various data security and privacy risks they pose as well as activities meant to mitigate those threats.
Fears over the privacy and security risks associated with wearable devices is definitely being felt by wearable device owners and could even slow down the adoption of these technologies by consumers. A consumer report developed by PricewaterhouseCoopers on the topic of “The Wearable Future” found that 82 percent of respondents worried that wearable tech would invade their privacy. A full 86 percent felt that the use of wearable technologies would make them more vulnerable to data security breaches. These concerns are a big reason why about one-third of those people who have purchased a wearable device within the past year no longer use them on a regular basis.
These devices communicate through the use of wireless networks that do not have many data protection standards which are intrinsic to those communication systems. Recently, one security researcher from Internet security software developer Kaspersky Lab discussed how he was capable of performing an unauthorized scan of Bluetooth LE networks used to connect fitness bracelets and smartphones that would have enabled him to gain access to dozens of devices in his local vicinity; this experiment was successfully repeated in Moscow, Cancun and Bellevue, WA.
Once a hacker gains access to a wearable device, what they’re able to do with that access is pretty much only limited to the functions of the device. There have been very few news reports about actual hacking events involving wearables but imagined threats run the gamut from hackers manipulating device functions to extort money to bosses gaining unwanted insights into an employee’s daily life outside of work. This latter scenario could become more of a concern as wearables are more widely incorporated into business environments in coming years. Businesses themselves will want to consider best practices regarding enterprise incorporation of wearable devices in an effort to protect their own sensitive data.
Cybersecurity experts and developers will have to be vigilant in order to adequately address threats and attacks as they arise. Although many fitness trackers and other basic wearables do not include a user interface powered by a software operating system, the major product releases coming from Apple, Samsung and others use systems that are primarily based on the Android or iOS mobile platforms. The issue here is that there are already 4.37 million mobile apps that are either malicious or pose high cybersecurity risks, an increase of 68 percent over the previous year.
Coming up on April 23rd will be a major patent auction brokered by ICAP including 34 different lots of Internet of Things technologies. Several of the patent portfolios that will be auctioned deal directly with security systems that have applicability to wearables, which make up an important subset of products and services within the broader classification of the Internet of Things. One lot up for auction deals with malware sections systems and another with automated fingerprint identification. Yet another of the lots that will be available for purchase relates to data transfer and network security for portable devices, including smart watches and other wearable devices. Given the privacy concerns associated with wearable technologies the type of innovations embodied in these portfolios could be extremely important moving forward.
One portfolio — Mobile Device Data Communication, Security & Backup — particularly caught our interest due to the extremely early priority dates. The patents in this portfolio generically discuss portable storage devices, mobile devices and portable devices. With priority dates as early as July 18, 2001, these innovations were conceived well before the term “wearables” was popularized, and before the term “Internet of Things” was coined. Nevertheless, at its very core a smart watch is undoubtedly a portable device, and smart watches have storage and communications links. With the recent announcement of Apple smart watches action on this portfolio could be worth watching.
The aforementioned mobile device security portfolio contains three issued U.S. patents, 5 issued foreign patents, 1 pending U.S. patent application and another 9 pending foreign patent applications. The portfolio was originally developed to protect against device and data loss upon separation of the mobile device from the user, but also has the advantage of covering two way wireless communication between mobile device and another device, such as a wearable device. This portfolio also protects innovations that prevent the potential loss of a mobile phone and/or any portable data storage device. The patents also cover wirelessly backing up the stored data on portable devices onto a separate device the user could carry, such as a watch. The portfolio is further applicable to other market sectors such as m-commerce, health and medical, access and authentication systems, and telematics and telemetry.
Patent claims within the aforementioned patent portfolio address security measures involving immediate notification to the network provider that a loss has occurred to immediately implement additional security and recovery measures, i.e. to track, block, and recover lost data rich portable devices. Which seems reminiscent of aspects of Find my iPhone, which is offered by Apple.
The earliest U.S. priority date in the aforementioned portfolio relates to U.S. Patent No. 7,054,594, and goes all the way back to July 18, 2001, which makes this wearable security device patent potentially quite appealing. The ‘594 patent specifically claims a method of safeguarding against loss of data stored in a primarily portable data storage device and works by continuously communicating to a secondary backup device and alerting the user of a loss in the event the communication link is broken for a predetermined amount of time.
U.S. Patent No. 8,032,084 is a continuation-in-part application that traces its earliest priority date back to July 18, 2001. The ‘084 patent protects a portable storage device having a short range wireless communication interface that is configured to communicate with a backup device of a wireless communication link. The ‘084 patent likewise covers a method of operating a portable data storage device having a short range wireless communication interface by preregistering the device with a backup device to create a secure pairing between the two and initiating an alert procedure when the devices are separated to disable at least one function of the portable device.
Finally, U.S. Patent No. 8,224,248, is a continuation of the aforementioned continuation in part application. This patent protects a portable device that includes an interface for connecting to a mobile telecommunications network, a data input interface, an output display, an audible or vibrating alert and a processor which registers a backup security device and initiates an alert procedure when detecting a short range communications breakdown. The alert procedure of this system is capable of rendering the portable device at least partially inoperable in response to the communications link breakdown.