My New Pebble Smartwatch: A Social Engineering Problem




I scored a brand new jet-black Pebble smartwatch this week. It's Kickstarter's most visible and successful product, pretty cool, easy to set up out of the box even for a non-techie, and the customization features are exciting. I finally have a watch face I designed exactly like I needed it. There are some drawbacks though.

Soon Sony, Google, Apple, Samsung and others will come out with their own wearable devices. For better or for worse, we are at the cusp of a new age: BYOWD (Bring-Your-Own-Wearable-Device).

If you listen to the ever wildly optimistic Juniper Research, almost 70 million smart wearable devices will be sold in 2017. At the moment wearable tech is for the pioneer / early adopter crowd, but I'm tellin' ya, one of your execs that hooked up their smartwatch or Google Glass to their smartphone is going to have pairing issues or other problems, need tech support... and call YOU.

Perhaps you yourself will be wearing one of these puppies to warn you that a mission critical system is down. And mostly these smartwatches are going to be used for just that: notification.

I've got my Pebble set up with Caller-ID and Text notifications so I can see who tries to get in touch with me without having to quickly grab my phone and see who it is. However, it looks like the firmware is still being worked on as I'm having some pairing problems with my brand new Galaxy S4.

And imagine the extra security risk and social engineering threat you now have to deal with. The Bluetooth or Wi-Fi connection gets hacked, the attacker sends a text from a supposedly trusted source with the request to quickly call about an emergency, and it's security breach city. Think about the risks in the financial, healthcare and energy sectors with BYOWD. Here is an article that shows that Google Glass is vulnerable to attacks:

One way to deal with this is to manage one more class of device in your Mobile Device Management console, this one literally connected to your user, and only approve devices for network access that you can actually manage that way.

For better or for worse, we live in an era of "there's an app for that", in which the employees choose which applications to use on their mobile devices and we in IT need to somehow provide a secured framework for this purpose. From a security angle, this is not a "nice to have", but a real need.

Forget about "securing the perimeter", that concept is now dead. BYOWD makes it more than clear that your individual user is your perimeter now, wherever they may be. And they'd better be trained to not fall for hacker tricks.

What do you think? Does wearable tech have a future in the enterprise? 

 
