10 Dec Wearable IoT Device Security – Threats and Solutions
Due to the fast prototyping and innovative nature of the IoT industry, IoT device security often takes a back seat in terms of priority. This can be especially true for wearable IoT devices. In one prominent example, a fitness tracking app inadvertently revealed the location of secret US military bases. This occurred when a few military personnel uploaded their fitness data to the cloud. That data contained the GPS locations of the areas where they were exercising.
This security breach does not mean that the military should ban the use of wearable IoT devices since those devices provide several benefits (i.e. tracking location of military personnel). However, it does mean that steps need to be taken to improve the security of these types of devices across military applications as well as other sectors.
Wearable IoT Devices – the Security Weak Points
For wearable IoT devices, security can be compromised at three levels: device, transmission, and cloud. Cloud security is a large topic that warrants a sperate discussion. This article will focus specifically on device-level security. Transmission security will be discussed in a future article.
In general, if a hacker has physical access to a computer, that computer can be considered hackable. He might not be able to retrieve data from the computer, but he/she will eventually gain access. Most computers are designed to allow this to happen so that users who accidentally lock themselves out can regain access to their computers. This works well with traditional computers where the hardware mostly sits in one location and will rarely be moved.
On the other hand, if a hacker has no physical access to the device, then he/she must rely on a network connection or wireless connections such as Bluetooth to hack the computer. A computer that is not connected to anything, and that resides in a secure location, is virtually impossible to hack.
Wearable IoT devices are, by design, not restricted to a single, secure, location. As a result, they usually have some type of wireless connection capability. If that wearable device is accidently separated from its legitimate owner it can be vulnerable to a wide range of security threats. A hacker with malicious intent could quickly and easily install malware. The hacker could compromise the device through different types of wireless connections (WiFi and Bluetooth) that are vulnerable to attack.
Safeguards to Improve Wearable IoT Device Security
Improving the security of IoT wearable devices—at the device level—will require much work and innovation. Many device OEM’s simply do not have the resources required for such a long-term effort. For the time being, other means of protection must be employed. This includes device owners being able to detect, and react to, abnormal device behavior. If suspicious behavior is detected, the owner can shut down the device and evaluate the problem once they are in an offline environment.
This is where MicroAI™ can help. MicroAI(TM) Atom is equipped with an advanced multi-dimensional time series AI algorithm that can detect anomalies–in real time–by monitoring the behavior of the device. Unlike traditional security solutions, MicroAI™ Atom does not need to be updated regularly through the cloud. It can work indefinitely without ever being connected to the internet. Since MicroAI™ Atom is a behavior-based security solution, all it needs is your behavior data. Therefore, “updating” MicroAI™ Atom only requires that the user train the AI again locally with no need to download anything from the internet.
An example of how MicroAI™ Atom helps improve wearable IoT device security would be as follows:
- The user puts MicroAI™ Atom in training mode and uses the device normally for a certain period of time. Depending on the specific use case, this can be a few hours, one day, or one week. This process is completely offline. Data will be collected locally and consumed by the AI engine locally.
- Once the training process is complete, the user can switch MicroAI™ Atom to execution mode. This is the normal operating mode. MicroAI™ Atom will use the trained model to monitor security related behavior of the wearable IoT device. The device is now protected and can be used normally. MicroAI™ Atom does not need internet connection in this stage, but a cloud option is available if the user wants to analyze the behavior of the device.
- If the behavior of the device deviates significantly from the trained normal behavior, MicroAI™ Atom will generate an alert telling the user the device is behaving abnormally. This alert can be used in different ways. It can be displayed on the device or it can be sent to the cloud.
- MicroAI™ Atom can also generate daily, weekly, or monthly reports based on the behavior of the device.
With MicroAI™ Atom, the device is protected by a dynamic, self-learning, AI engine that provides protection even in those cases where official security updates are no longer available. Even if Zero-day vulnerabilities are being used to attack the device, MicroAI™ Atom will still alert the device owner or administrator when the device starts to do things that are outside its normal behavior. This capability is especially critical for wearable IoT devices that are tasked with serious tasks and functions.
MicroAI™ Atom provides IoT device owners with security in the knowledge that their devices are performing normally and are not being compromised by malicious cyber-attacks.