The hottest trend in fashion is the wearable. If your whole world is online, why not your accessories? With Apple’s Watch and FitBit still dominating the wearable headlines, the discussion is much more about the consumer viability of these gadgets and much less about the pink elephant. With all in the connected world of the Internet of Things and smart cities, that pink elephant is security and privacy.
Powering many of these devices is the wireless body area network, or WBAN is the wireless networks of the wearable space. Also called the IEEE 802.15.6, WBAN the short-range, low-power, international wireless communication standard that guides the devices that operate around our bodies (you wear or carry along) and inside them (implanted.) It’s called a network because it actually can be a series of sensors tracking different things. This set of standards was created in an effort for these devices and their generated data to come with an assurance of confidentiality, authentication, integrity, and data freshness.
Yes, you could say that our smartphones are already following our moves, but the difference is that the mobile space is guided by protocols and legislature. These standards are still evolving in the IoT and wearables space.
Think of it this way. You are basically opting to wear items that follow your every move and are intermittently or constantly connected to the internet. With the growing popularity in the infant wearables market, it’s very likely that every move of the entering generation will be monitored and recorded for posterity.
There are some serious red flags that make me more than cautious to engage in wearables fashion, and I’m not convinced of the benefits outweighing the risk just yet. Having had a cyber stalker, I am particularly nervous about the ease at which I could be tracked, and my movements predicted. Your big data could lead to insurance companies profiling your health habits to charge you more, and, under the auspice of promoting your health, your employers could track your location and “measure” your productivity. With the data collected giving insight into your life and security questions, even biometric technology can’t stave off the increased risk factors for identity theft. Add to all of this that none of these data is currently protected under the U.S. HIPAA, the Health Insurance Portability and Accountability Act, nor other international standards. And let’s not even talk about when the world has access to anyone’s bathroom and bedroom habits…
Once again, the responsibility rests on the shoulders of the developers to start to set and properly apply those standards.
What Makes Wearables So Sexy?
There’s no doubt that there’s a compelling argument for the flexibility, affordability, efficiency and increased effectiveness of these devices. There’s no denying that the world of wearables has many positive real-world applications, none more so than for the mHealth sector. A WBAN is inherently mobile, so it accumulates real-time data as it moves with the patient, independent of where it is being monitored. The two classifications right now are disability management and performance management, which sees wearables going as far as war zones to measure a soldier’s battle readiness. I know I’d certainly love my diabetic dad to get down with wearables to make sure his doctors have the whole truth.
The wearable world is becoming more attractive and more affordable to the common consumer. The devices themselves are more “wearable” as they become smaller and smaller. And with open APIs (application programming interface) like that at FitBit, interoperability is becoming more feasible.
And, with the wearable market’s expected growth to $12.6 billion in the next three years, you’d be crazy not want to get into the mix, but you need to be careful.
What are the Weaknesses of WBAN and Wearables?
Of course, security is the priority of these standards, however, very little research has been done to see if devices are complying. Plus, since wearable and injected devices have further resource constraints–like power and memory capacities — they simply can’t comply with the same standards as larger devices.
Norwegian informatics researcher Mohsen Toorani wrote a paper that depicts the four WBAN protocols and how they can be vulnerable to attacks like mentioned above. He introduces the topic by pointing out the inherent vulnerability that since “WBANs are resource-constrained in terms of power, memory, communication rate, and computational capability, security solutions proposed for other networks may not be applicable to WBANs.”
Considerable effort is still needed to make the WBAN transmission secure and accurate, which involves making sure that one person’s data is purely his and not mixed up with other data’s interference. Currently, a WBAN should be able to function properly with a three-meter radius with up to ten other WBANs running in the same area. That’s good, but if wearables take off, this won’t be sufficient during holiday shopping, in subways or mosh pits, nor will it be enough as the wireless ranges continue to lengthen.
And since some of these inserted Internet of Things, like pacemakers, could mean life or death, protection against hackers and impersonation is essential. According to Toorani, this kind of impersonation attack is feasible because public keys are self-generated by the involved parties, and they are not accompanied by digital certificates.
Add to this other challenges such as how different bodies are shaped and move, various temperature changes, and inefficient radio-frequency transmission ranges mean data accumulated now is frequently partitioned and disconnected.
You Tell Us! What are the next steps?
Yes, I fully agree that wearables have a compelling case for being the future of healthcare. However, I still am wary who will be able to access that data (ahem, NSA) and what they will do with it. And with very little research published on the topic, I also wonder how much we really know about the safety and security of these pieces. Of course, there’s a popular argument that we just accept we have little privacy and aren’t very bothered by it.
What do you think? Tell us what is happening in the wearables space to make you feel more confident your privacy is protected. Or do the benefits simply outweigh these risks?