At the recent 2014 Consumer Electronics Show in Las Vegas, one of the biggest trends to emerge was a focus on wearable devices. Intel CEO Brian Krzanich gave a keynote highlighting his company's intentions to expand into the wearable market with devices like smart earbuds, smart watches and even a device for infant onesies designed to improve baby monitoring. Elsewhere at the conference, attendees discussed the need for a "killer app" to make wearable technology viable, and they highlighted uses such as wristbands for making credit card payments or smart socks for tracking foot positions, TechRadar reported. With the eyes of the tech world turning toward wearables, however, pressure remains for developers to improve the software security of these devices.
Stephen Pierce, medical devices leader at IBM, told TechRadar that the need for improved health tracking is one of the major reasons for the enthusiasm surrounding wearables. He suggested that the average consumer might be relying on as many as 10 different devices on their body within the next five years.
The technology still has a few obstacles to overcome, TechRadar noted. Battery technology has to improve to make some of the smaller devices viable. Vendors need to figure out how to make devices central enough to consumers' lives that users don't take them off and forget about them. And social acceptance still has a long way to go, with a Forrester study from last year finding that just 4 percent of people would actually want to wear such devices. But companies are hard at work on solving these problems.
"Wearables are not everywhere today because they aren't yet solving real problems and they aren't yet integrated with our lifestyles," Intel's Krzanich said. "We're focused on addressing this engineering innovation challenge."
Another looming issue is that of security, CSO noted in a recent article. Since these devices are automatically connected to the Internet, they can present a tempting attack vector. For instance, a hacker could capture a broad variety of sensitive audio and visual data by tapping into Google Glass and monitoring a wearer's activities. Such attacks have already been proven potentially viable: Last year, researchers at Lookout Mobile devised a way to perform a remote takeover using a malicious QR code. The flaw was patched, but similar threats could easily emerge.
"Every organization should write policies for wearable devices that limit where these things can be used, when they can be used, and what their acceptable use is," Prescient Solutions CIO Jerry Irvine told CSO.
Wearables will likely encounter many of the same challenges as mobile devices, experts told InformationWeek. Consumers will be drawn to wearables because of the app options available, but the type of data sharing these apps foster will also introduce security risks. Given the level of connectivity and integration, there will be clear paths for hackers to go after both personally identifiable information and private health data, Domingo Guerra, president and cofounder of mobile app risk management service Appthority, told the publication. He suggested that vendors should draw on the lessons learned from mobile.
"Mobile exploded really quickly, and a lot of developers started building apps into the new ecosystems," he told InformationWeek. "And that's kind of why it grew so fast, but security and privacy weren't always in the top of mind."
He added that wearables could very likely take off suddenly, and he suggested developers start planning ahead. One of the best ways for developers to plan more security for their wearables is to transition to a secure development lifecycle that includes regular use of static analysis software and leverages peer code reviews for more software security insight. By prioritizing security during the development process, companies can catch errors early on and tackle threats before they ever emerge. With wearables set to explode in the year ahead, such approaches will be essential for securing the growing number of data feeds.
• View these online courses to learn more about secure coding
• Read more about When, Why and How to Leverage Source Code Analysis (PDF)
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.