This opinion piece at CreditUnionTimes.com indicates how increased use of wearables for banking and payments, represents a new important attack surface as well as a vector by which criminals can gain more intelligence regarding a potential victim:
“And as financial institutions move toward chatbots and artificial intelligence-powered assistants, banking with your wearable device will become even easier. AI-powered virtual assistants will learn your voice and behavioral patterns, and can alleviate major frustrations associated with smaller wearable devices such as typing, entering credentials and repeating commands the consumer performs often.
However, there are security concerns for wearables. As app developers create wearable-optimized versions of productivity-enhancing tools for personal and business use, and as device manufacturers race to create the latest must-have wearable gadget, security may not keep up with innovation. The increase in the number of native applications available for smartwatches will create new opportunities for fraudsters to compromise wearable devices and gain access to highly valuable personal and financial information.
From simple fitness trackers that connect to a mobile phone to stand-alone smartwatches, potentially sensitive personal and financial information is being passed to the app and manufacturer. For example, users may be asked for access to their files, location, contacts and camera, and for personal information (age, height, weight, gender, etc.), as well as financial information.
One very popular type of wearable that carries risk is the fitness tracker. While the average consumer may not recognize the risks of these devices, these wearables can collect and transmit personal data that can be compromised. A study by the University of Edinburgh showed personal information can, in fact, be easily intercepted and stolen from fitness wearables.”
The article, written by Michael Lynch, the Chief Security Officer for InAuth, also identifies that wearables represent a risk to the enterprise.
“. Wearables linked to mobile devices, which in turn are linked to a corporate network, open organizations up to additional risks of attack. Even though the wearable itself may not be the primary target of an attack, its link to a mobile device creates another point of entry for cybercriminals to exploit – especially since wearables security is a relatively a new frontier. Information that can be stolen and exploited includes real-time geolocation data, emails, contacts and other proprietary information on the device.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
