Cybersecurity Trends for 2014 – Trend 3 – Wearable Malware
Picture from androidandme.com.
Cross-posted to the Blue Coat security blog.
There will always be malware for popular platforms – taking advantage of the most popular platforms brings benefits to those who seek to gain at the expense of others. We’ve seen this in the past – the popularity of Microsoft’s Windows platform (as compared to the Mac OS or Linux) has meant that it is a large target for people who write malware. As phones and tablets have started to supplant the PC, this is becoming true of mobile operating systems such as Android.
Android is a popular platform, running many of the world’s smartphones and tablets. An increase in malware targeting Android has been reported – as much as 388% (http://www.welivesecurity.com/2014/02/20/android-under-assault-as-spyware-and-trojans-grow-by-400-company-claims/). It’s no stretch to imagine then that it will continue to be a target for malware authors.
This leads to an interesting conclusion which forms the basis of the prediction – as Android starts to power more wearable technology, such as watches, health monitoring gadgets, and other types of wearables, it will be possible to get malware on things you wear – essentially wearable malware. (I jokingly referred to this in my talk as “wearware”.) There has not been any report of malware for the Galaxy Gear, but I will (unfairly) pick on them to show an example of what could be. The Samsung Galaxy Gear, in its first iteration, had the following specifications:
- Single core 800Mhz processor
- Square 320 pixel Super AMOLED touchscreen display (277PPI)
- 1.9 MP camera w/back-illuminated sensor, auto-focus, and 720P video recording
- Two noise-cancelling microphones
- 4GB internal memory
- 512 MB RAM
- 315mAh battery
- Android 4.2.2
The Galaxy Gear is therefore very similar to an early cell phone, and malware for cell phones has been around for at least a decade. Android 4.2.2 running on an 800Mhz processor with 512MB RAM isn’t enough power to run photo editing tools, but it’s certainly enough power to run malware. Malicious software transmitted via bluetooth would not only infect your phone, it would also infect any wearables that are connected to that phone. While I’m (unfairly) picking on Samsung and the Android OS, there’s nothing to say that this couldn’t also happen on iOS or any other mobile OS and the devices with which they will connect.
Again, to be clear, there has never been any instance of this occurring so far, and Google and Samsung have an excellent reputation for security that they do their utmost to maintain. However, it is not at all that far-fetched to assume such a scenario as I’ve described, and with the proliferation of wearable devices, I think it will unfortunately only be a matter of time before it becomes more commonplace.