This technical information has been contributed by
IEEE Center for Secure Design

IEEE Highlights Security Design Flaws in Wearable Devices

IEEE Center for Secure Design releases report that examines security design threats in fictitious wearable fitness tracker

PISCATAWAY, N.J.— IEEE recently announced the release of its report, “WearFit: Security Design Analysis of a Wearable Fitness Tracker.” The report highlights 10 common security design flaws using a security analysis of a fictitious wearable fitness tracking system called WearFit. The flaws examined build upon the work originally introduced by the IEEE Center for Secure Design in 2014 in the report, “Avoiding the Top 10 Software Security Design Flaws.”

Adoption of connected devices, including cars, appliances and wearables that make up the Internet of Things (IoT), is growing rapidly. Industry analysts report that nearly half the population is expected to use wearable fitness-tracking devices by 2019. The form factor of devices, like WearFit, that connect people with other devices represents a new way that society consumes computing technology. In turn, this makes wearables a high-priority area of scrutiny for potential software security threats.

While WearFit is a fictitious product, its design was based on real-world systems, including device architecture and various components, each of which presents potential attack surfaces: at the device, in the mobile application, on the website, and in transit between those platforms. “WearFit: Security Design Analysis of a Wearable Fitness Tracker” first describes how the device is designed at a functional level, independent of security, then applies each of the 10 flaws in a detailed analysis of the WearFit design.

“Broadly speaking, security is a real concern whenever technology is involved,” said Jacob West, founding member of the IEEE Center for Secure Design, and chief architect, Security Products, NetSuite, in a press release. “While this concern shouldn’t prevent the adoption of technology, we hope that by reading this design analysis, consumers gain a better understanding of the kinds of attacks that can impact wearable fitness trackers, and the good design decisions that can prevent those attacks from succeeding. For security professionals, we highlight the importance of building security in from the design of the software all the way through the development and testing, until it is eventually brought to market. With ‘WearFit: Security Design Analysis of a Wearable Fitness Tracker,’ our goal is to expand the focus to include a balanced approach that looks at design flaws and identifies ways that manufacturers can avoid vulnerabilities and bugs by the nature of the way the device is built.”

The IEEE Center for Secure Design is managed by the IEEE Cybersecurity Initiative, which aims to shape and lead a technical agenda by providing tools for computer security education, guidance on secure software coding, and software assurance engineering. The IEEE Cybersecurity Initiative is a program of the IEEE Future Directions Committee, designed to develop and share educational tools, events and content for emerging technologies.

To learn more, follow the IEEE Center for Secure Design on Twitter or visit

WearFit, as used in this report, is a fictitious product. IEEE is not affiliated or associated with Wear-Fit Fitness.