Securing Your In-Ear Fitness Coach - Challenges in Hardening Next Generation Wearables

Explore the security and privacy challenges in developing next-generation wearables through a Black Hat conference talk. Delve into the custom Security Development Lifecycle (SDL) created for Radar Pace, addressing vulnerabilities and privacy concerns across wearable devices, smartphones, and cloud infrastructure. Learn about the unique security paradigms for hardware, firmware, software, and ecosystem communication in IoT and wearable technology. Examine real-world exploit scenarios, regulatory guidelines, and methods for quantifying privacy vulnerabilities. Gain insights into securing novel gadgets and implementing effective security measures for emerging wearable ecosystems.

Intro
loT/Wearable Ecosystem
Case Study: In-ear fitness coach
Challenges: Securing a never-before gadget
Challenges - Technical
Proposal : Securing a never-before gadget
Introducing SPDL
Security topics
Hardware & Firmware Security Paradigms
SW Security Paradigms: application SW
Cloud Software & Infrastructure Security
Ecosystem security challenges
Device communication
The Problem - Prelude
Root Cause
Example - Wearable Ecosystem 1
Example - Wearable Ecosystem 2
Environment
Our Recommendation
Ecosystem overview
Target : Sign-up and Profile pages
Exploit Scenario: The attack
Victim - logs in
Attacker's c&c
Access to admin portal
Regulatory Guidelines and Privacy Laws
Privacy Breaches
Quantifying Privacy Vulnerabilities