The New Personal Attack Surface


Many people think Apple announced a watch yesterday, but what they really launched was an entirely new attack surface area.

As I wrote about here, the big thing the Apple Watch is introducing is not a digital version of a luxury watch that can do some neat stuff. That’s what they presented, but it’s not the real story.

The truth is that the Apple Watch is going to become the enabler for personal manipulation of the environment.

We’ll hail Ubers with it. We’ll buy things with it. We’ll open and start our cars with it. We’ll enter our homes with it. We’ll give other people access to our homes with it. We’ll check into hotels and open our room doors with it.

It’s like the glove in Minority Report, but not for GUI manipulation—for environment manipulation.

And this will have profound implications for information security.

Privacy matters. Personal data matters. Photos matter. Location information matters. But what matters more than all of these things is access.

That’s what Apple introduced—a universal access control mechanism in the form factor of a watch.

Payments. Doors. Data. The watch will become the talisman of personal control, and to attackers this is revolutionary.

It’s not that they’ll start attacking the watch (they will), but rather that they’ll start attacking the relationships between people and the things their watch and phone control.

Their home security. Their data files. Access to their finances. So much will pivot on the core component of TouchID and its subsequent representative in the watch.

Oh, and you can talk on this thing, too. Like a cartoon from the 80s.

It’s science fiction stuff. And for attackers it’ll be a utopia, not a dystopia.
