Securing Your In-Ear-Fitness Coach: Challenges in Hardening Next Generation Wearables

Presented at Black Hat Asia 2018, March 22, 2018, 11:45 a.m. (60 minutes).

Wearable platforms today enable rich, next-generation experiences such as secure payments, specialized sports tracking and precise location monitoring. Data collection is only the first step for these products. The real "user experience" is often the result of a complex mesh of interactions between wearables, smartphones, a cloud-hosted array of web applications and analytics software. Designing and validating security for such ecosystems, the kind of which never existed until a few years ago, demands brand-new lines of thinking and security best practices. Wearables live and operate on the human body, collecting a wealth of personal data. This gives rise to new challenges in storing such data securely and conforming to privacy regulations, especially in a world where consumer privacy laws are so diverse.

The Oakley Radar Pace is a head-worn, real-time, voice-activated coaching system that creates and manages training programs for track running or cycling. The "coach" is an NLP-powered voice assistant on the eyewear. Users can converse with it hands-free and get advanced feedback on their performance.

In our presentation, we talk about the security and privacy research that went into designing and developing Radar Pace, including a custom Security Development Lifecycle (SDL) that accounted for the three "branches" of the program: wearable, phone and the cloud. We present examples of vulnerabilities and privacy problems associated with such new classes of products. While the applications and use cases for wearables are limited only by the designers' imagination, the best practices we have pioneered will be useful and can easily be reapplied by vendors creating new wearables and IoT products. The goal of our presentation is to educate attendees about shedding the old notions of privacy and Security Development Lifecycle when preparing for the products of the future, as well as to discuss interesting security vulnerabilities in such technologies.


Presenters:

  • Kavya Racharla - Senior security researcher, Intel Corp
    Kavya Racharla is a senior security researcher and lead for Intel's New Devices Group. In her current role at Intel, she is responsible for the end-to-end security of various wrist-worn and head-worn wearables. She worked for Oracle and Qualcomm's security teams before her current job at Intel. She has a Master's in Information Security from the Johns Hopkins University and a passion for security.
  • Sumanth Naropanth - Founder and CEO, Deep Armor
    Sumanth Naropanth is a technical expert in security research, vulnerability assessments, security architecture & design, and incident response. He has held several security leadership positions, has developed detailed frameworks for Security Development Lifecycle (SDL) for large corporations, and has managed global teams that executed those SDL activities. Sumanth is the founder and CEO of Deep Armor. He previously worked for Sun Microsystems, Palm/HP and Intel. He and his team frequently publish and present their research at well-known security conferences worldwide. Sumanth has a Master's degree in Computer Science (Security) from Columbia University.
