Philip Lieberman, president, Lieberman Software (www.liebsoft.com):
“Given the demos and its wireless nature, there appears to be a new security vulnerability surface area for this device whereby the local phone-to-watch device network may be subject to wireless skimming/spoofing.
As to how vulnerable the design is, that will remain a mystery until the device is released and the full community of researchers have had a chance to review and sniff the traffic between the Apple devices as well as review the Software Development Kits (SDKs) for the new device.”
Brett Fernicola, chief information security officer, STEALTHbits Technologies (www.stealthbits.com):
“So the race begins to be the first person to jailbreak the Apple Watch. If you’re lucky enough to get a full day’s battery life you might be lucky enough to have your watch exploited while riding the subway too. I for one always have Wifi and Bluetooth disabled on my phone when I travel outside my premises both for battery life and security. I don’t feel the need to walk around with a beacon on my wrist that wouldn’t even last long enough if I was caught in an avalanche. I’ll pass on the smartwatch craze and stick to a traditional watch that does one thing well, tell time without ever having to come off my wrist or put my personal information in danger.”
Ken Westin, senior security analyst, Tripwire (www.tripwire.com):
“The fact the device uses both Wi-Fi and Bluetooth will provide a great deal of interoperability and additional functionality for the watch, however it also comes at the price of increasing the attack surface for the device. Given the fact that it is a high profile device which will have wide adoption you can bet security researchers and hackers alike will be poking and prodding the watch to find new vulnerabilities as well as take advantage of existing attack vectors leveraging weaknesses in both Wi-Fi and Bluetooth. As the device is utilizing both it will also be interesting to see how that data can be used to track individuals in physical spaces, as this has both security and privacy implications, not just from a malicious attackers perspective, but also overzealous marketing. The fact the Apple Watch also integrates 3rd party apps could also increase security and privacy concerns.”
Webinar By Duo Security: Securing Apps and Data in the Cloud and On-Premises (March 11, 2015 at 10 am PST / 1 pm EST)
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.