UL Labs Examining Wearables Security Concerns

With the rising use of wearable devices, Underwriters Laboratories is working to establish a cyber-security framework to help protect the devices.

wearables guidelines

As more personal digital wearable devices are bought and used by consumers, the risk of data theft and related security issues rises as hackers seek to find new security vulnerabilities to cause mayhem for device users.

To combat those potential problems and security concerns, Underwriters Laboratories is working to create a framework of guidelines that could be used to help device makers build products that offer better protection against threats from hackers. The framework aimed at wearables could even offer potential testing and certification for wearable devices that would give consumers more information about such products when they go to purchase them, Anura Fernando, UL's principal engineer for medical software and systems interoperability, told eWEEK.

"It could range from informative test reports which are less formal, to a more traditional UL certification program which is more about product testing, lab results and a certification," he said. "This is the level of trust that's been established among consumers. We're hoping to put a program out there that continues to support that level of consumer confidence."

The wearables security framework from UL could also include details about some of the things that wearables makers would have to include in their products to ensure a baseline of security around their devices, said Fernando. "With wearables, you want to make sure they are using specific frequencies, specific absorption rates for health safety and also have the ability to look at products for [potential] skin reactions."

The guidelines could cover smartwatches, fitness bands, health monitoring devices and all other types of wearables.

Such a framework aimed at wearables is expected by the end of 2015, he said. "We are doing exploratory work right now."

By building these types of guidelines for such devices, vendors could build wearables that would be more secure and less vulnerable to potential security breaches, he said.

This kind of cyber-security work is not new for UL, which also is involved in consumer credit card security processes, according to Fernando.

The inspiration for UL involvement in wearables security came in part from previous public comments by Michael Daniel, special assistant to the President and cybersecurity coordinator for the United States. Daniel has stated that the nation has a need for a UL-type of safety certification for Internet of Things product security as more and more such products come to market.

"This would be a broadened approach that looks specifically at addressing [targeted] characteristics and aspects of security," said Fernando. "We're doing proof of concept and viability analysis of the space across different industry sectors."

UL is a global independent company that has been doing product testing and safety certifications for more than 120 years.

In April, UL announced that is is collaborating with cyber-security company Codenomicon to develop and perform security testing on network connected devices starting with industrial automation equipment and services and medical devices.