The Wearables Security Conundrum

As Apple looks to the first half of next year for the first shipments of its payments-capable Apple Watch, companies look to support the device find themselves in a frustrating security conundrum. As with any brand new market, there is little immediate risk of cyber attacks as there’s no ROI for attackers to device attacks until there is enough marketshare to make it worthwhile.

That puts software developers–and Apple itself–in an awkward position. How much security investment can those apps justify, given the need to fight off a not-yet-existing attacker? And yet, if a cynical public is being asked to make payments on their wristwatches–something that even Dick Tracy was too risk-averse to try, even in comic books–extensive security not only needs to be present, but it needs to be loudly trumpeted. But app firms don’t want to speak loudly about security as that only reminds shoppers of the existence of security risks.

This is similar to the Catch-22 that haunted NFC payments for so long, where consumers didn’t want to use mobile wallets until most of their favorite stores used them and those favorite stores didn’t want to support NFC until it saw lots of its customers trying to use it. The payments community is hopeful that Apple, which has made a very nice living from convincing consumers that they desperately need something that they never heard of an hour ago, will break that logjam with Apple Pay.

But can that magic carry through to Apple Watch and make wearables a viable and popular means for payments?

Smartwatch marketing focuses on a device’s usability and functionality, but what seems to be missing is a focus on implementing and educating the consumer about one of the industry’s key concerns: data security. And while smartphone companies have marketed the concept of security measures to consumers, not many specifics has been revealed as to how that is going to be achieved.

“A smartwatch can track even more personal and more sensitive information than a smartphone, so marketers need to be careful what potential marketing application they want to develop” Anselme Laubier, a technology expert at GfK told Mobile Commerce Daily.

While marketers focus on pitting the product’s design, apps and features against one another, industry experts suggest more focus needs to be on device security so consumers can feel comfortable using it as a primary device to conduct business, make financial transactions and conduct other personal matters.

According to the 2014 Symantec Internet Security Threat Report, smartwatch security should be a main concern for companies and consumers. The report also detailed that the very technology attracting users to use smartwatches — wi-fi, bluetooth capability, and NFC — are the same technologies that opens users to potential threats from hackers. Because smartwatches are devices with tracking capabilities that work across a range of mobile platforms and connect through multiple technology options, they are more susceptible to threats.

“Users who are less aware of the potential risks and dangers may soon find themselves victims. The importance of online security education and awareness-raising for these users will be greater than ever. In the future, expect more traditional malware threats being “ported” to mobile devices. Fake security software has already appeared in this environment, and ransomware could soon be developed for the mobile platform too, given how lucrative it has proved on desktop and laptop computers,” according to the report.

The results of a study reported Oct. 14 indicate smartwatch consumers aren’t as excited about the concept of using a smartwatch to make payments as they are about the other capabilities of the wearable mobile device. That study — which highlighted that the markets most welcoming to the concept are in China and the U.S. (54 and 40 percent, respectively) — showed that most consumers won’t use a smartwatch for a primary payment option. Security risks could be a main driver behind the consumer hesitancy.

Looking at the cyber criminal aspect behind hacking smartwatches, the new technology brings with it an entirely new set of worries for the consumer. Most people already know they need to secure their smartphone or computer, but when it comes to smartwatches, the same thought process may not exist. Companies have vowed to offer enhanced security measures, but not many specifics have been discussed.

As Wearable technology is woven into the “fabric of the Internet,” the report concludes that this will increase the attack surface and present a new battleground for cyber crimes and security threats.

“There may be plenty of opportunities to compromise these devices through new methods not explored at this stage. So far, mobile threats are still mainly aimed at consumers rather than enterprises. …Targeted attacks can be expected to take advantage of the mobile landscape in the near future, especially since the potential for surveillance or counter surveillance measures are even higher on devices that include in-built cameras and microphones that may be switches on and off with ease,” said the report.

Mobile payments are expected to see a surge in growth from now until 2018, according to a forecast report from Javelin, who provided an estimate in the total amount of mobile payments would increase from $398 billion to $5.4 billion in 2018. But how does wearable technology play into this? Enhancing low-energy bluetooth is one option. Still, a Venture Beat article suggests smartwatches are the future of mobile payments, but said it’s more about the device than technology alone.

“The wrist-worn wearable device, because of its body positioning and therefore its inherently advanced security, has the ability to make it the device that you don’t leave home without — the device that could eventually replace the smartphone. Combining the Pebble Watch and the FuelBand in a wearable to deliver both alerts and activity tracking to your wrist-worn device has a certain appeal, but in order to drive mainstream adoption, the new device needs a technology that would extend its functionality and drive a similar shift in consumer behavior caused by the iPhone,” the Venture Beat report stated.

Smartwatches like Samsung’s news Galazy Gear will come with a fingerprint sensor for mobile payments, while the Apple Watch is an NFC-enabled device. Understanding how consumers make purchases online and conduct business on the go may be the key to attracting new smartwatch customers.

“Right now, NFC is the answer. It’s ready and it’s capable,” Venture Beat reported. “It wouldn’t just make this wrist-worn device a mobile payments solution, but would also allow this “watch” to act as your bus pass, key card at work, open your garage and not only unlock your apartment door, but your entire workstation. This is the technology that could take smartwatches from cool-kid appeal to the mainstream. It would not only drive widespread adoption of wearables but also drive adoption of in-store mobile payment solutions.”