Analysis

Smartwatch security advice from the People's Liberation Army

Davey Winder reveals an odd report warning that wearable devices are a risk to national security

Earlier this month a rather odd report appeared in the People's Liberation Army Daily, itself a rather odd 'newspaper' which acts as military mouthpiece for Chinese government policy.

The report - and I use that term very loosely as on closer inspection I suspect that 'work of fiction' would be more appropriate - seems to warn members of the PLA against buying or using wearable devices as they are a risk to national security.

Advertisement - Article continues below

The story itself is very confusing, as it relates to a soldier who was apparently using a smartwatch to take a selfie with his comrades in arms. Odd as it sounds, I think the People's Liberation Army may just have a point, and one that the enterprise might do well to at least consider.

The story itself goes on to warn about the use of any wearable device which has an ad hoc network capability and which, therefore, has the potential in a military scenario to divulge location and movement data to an enemy hacker.

Still not convinced that this should mean the CEO is told his Apple Watch isn't allowed in the building? There's little danger of your organisation going on top secret military manoeuvres any time soon.

Advertisement
Advertisement - Article continues below

However, researchers at Context Information Security have coded an app which can sniff the Bluetooth Low Energy (BLE) signals used by many wearables in order to track users within 100 metres. While it's not clear how that would be used in a military scenario, as a proof of concept it's interesting, although not enough to worry the CEO or the IT security bods in the enterprise truth be told.

Advertisement - Article continues below

Look at it from a different perspective: what if I were to rephrase the PLA warnings from "smartwatch classified photography" and "GPS tracking of troop movements by unauthorised parties" to passive collection of data and the ongoing unauthorised transmission of that data to a third party instead? Does that make you sit up and pay a little more attention? Just don't make me use the BYOD word...

Too late, BYOD is on the table now and so it should be. Wearables are devices, and even more likely to be brought by users into the workplace without the knowledge or approval of the IT department.

A pair of Google Glasses isn't exactly inconspicuous and a fitness tracker may not appear to present a huge threat to data security, but what about the increasingly clever generation of smartwatches?

The PLA have got one thing right and that is the potential for any networked device to be a security threat. Because of that, include wearables of all flavours in your BYOD policy.

Advertisement - Article continues below

If the user can install applications outside of organisational security and privacy policy control then it is a risk. If the user can share data between that device and an ad hoc network, including cloud storage applications, then it is a risk. If the device is covered by organisational policy and security controls then that risk is at least mitigated. 

If even the PLA knows this, make sure you and your IT department do too. 

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/infrastructure/server-storage/355785/dell-emc-poweredge-r7525-review-an-epyc-core-density-to-make
Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Visit/infrastructure/network-internet/355792/intel-releases-wi-fi-and-bluetooth-driver-updates-for
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020