PISCATAWAY, N.J.--IEEE, the world's largest professional organization dedicated to advancing technology for humanity, today announced the release of its latest report, WearFit: Security Design Analysis of a Wearable Fitness Tracker. This report showcases the 10 common security design flaws using a security analysis of a fictitious wearable fitness tracking system called WearFit. The flaws examined build upon the work originally introduced by the IEEE Center for Secure Design in 2014 in the report Avoiding the Top 10 Software Security Design Flaws.
Adoption of connected devices including cars, appliances and wearables that make up the Internet of Things (IoT) is growing rapidly. Industry analysts report that nearly half the population is expected to use wearable fitness-tracking devices by 2019. The form factor of devices like WearFit that connect people with other devices represents a new way society consumes computing technology. In turn, this makes wearables a high-priority area of scrutiny for potential software security threats.
While a fictitious product, WearFit’s design was based on real-world systems, including device architecture and various components, each of which present potential attack surfaces – at the device, mobile application, website, and in transit between those different platforms. WearFit: Security Design Analysis of a Wearable Fitness Tracker first describes how the device is designed at a functional level, independent of security, then applies each of the 10 flaws in a detailed analysis of the WearFit design.
“Broadly speaking, security is a real concern whenever technology is involved. While this concern shouldn’t prevent the adoption of technology, we hope that by reading this design analysis, consumers gain a better understanding of the kinds of attacks that can impact wearable fitness trackers, and the good design decisions that can prevent those attacks from succeeding. For security professionals, we highlight the importance of building security in from the design of the software all the way through the development and testing, until it is eventually brought to market,” said Jacob West, founding member of the IEEE Center for Secure Design, and chief architect, Security Products, NetSuite. “With WearFit: Security Design Analysis of a Wearable Fitness Tracker, our goal is to expand the focus to include a balanced approach that looks at design flaws and identifies ways that manufacturers can avoid vulnerabilities and bugs by the nature of the way the device is built.”
The IEEE Center for Secure Design is managed by the IEEE Cybersecurity Initiative that aims to shape and lead a technical agenda by providing tools for computer security education, guidance on secure software coding and software assurance engineering. The IEEE Cybersecurity Initiative is a program of the IEEE Future Directions Committee, designed to develop and share educational tools, events and content for emerging technologies. To learn more, follow the IEEE Center for Secure Design on Twitter or visit cybersecurity.ieee.org.
WearFit, as used in this report, is a fictitious product. IEEE is not affiliated or associated with Wear-Fit Fitness.
IEEE, a large, global technical professional organization, is dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is the trusted voice on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics. Learn more at http://www.ieee.org.