The nascent smartwatch industry has been criticised by a security firm after it discovered that the security features on some of the most popular smartwatches are not up to scratch.
The warning comes amid ongoing concerns about the security impact of wearable devices in the workplace.
The study was carried out by Trend Micro in partnership with First Base Technologies, and examined Android-based devices such as the Motorola 360, LG G Watch, Sony Smartwatch, Samsung Gear Live and the Asus Zen Watch.
The study also examined the Apple Watch and Pebble wearable, but did not seem to cover Microsoft’s Band device for some reason. All devices were patched with the latest versions of their respective operating systems, and were paired to the iPhone 5, Motorola X and Nexus 5.
For the study, the devices were “stress-tested” on issues such as physical protection, data connections and information stored.
Trend said that the physical device protection across all smartwatches was poor, with no authentication via passwords or other means being enabled by default.
“This would enable free access if the wearable was stolen,” warned Trend. “All devices apart from Apple Watch, failed to contain a timeout function, meaning that passwords had to be activated by manually clicking a button.”
But the Apple Watch is not blame free, despite having better security features than its Android or Pebble rivals. The study found that the Apple Watch contained the largest volume of sensitive data, with images, contacts, calendars and passbook data all being stored on the device itself.
“Across all of the smartwatches that were tested, it is clear that manufacturers have opted for convenience at the expense of security,” said Bharat Mistry, Cyber Security Consultant at Trend Micro. “On the surface, a lack of authentication features can make devices appear easier to operate, but the risk of having personal and corporate data compromised is much too big of an issue to forget about.”
“Manufacturers must ensure that simple security features, such as limited password attempts, are enabled on devices by default,” said Mistry. “This considerably reduces the likelihood of data breaches. Smartwatch manufacturers must be cognisant of the fact they can slash data breaches by employing this best practice.”
“Although smartwatches are a relatively new technology, the same security issues that we’ve witnessed with smartphones are still present,” said Mike McLaughlin, Senior Penetration Tester & Technical Team Lead at First Base Technologies. “Google and Apple have added complex layers of encryption to their Bluetooth and Wi-Fi data connections; but if someone were to steal a watch without a password enabled, any data stored would be easily compromised. The biggest risk, as with all technology, is gaining physical access to the watch, and manufacturers should ensure simple features are in place to prevent this”.
The study did find that the Apple Watch was the sole wearable that allowed a wipe of the device after a set number of failed login attempts. This means the other devices are vulnerable to brute force attacks.
But security concerns remain about using these devices inside the corporate firewall.
Last month, a study by HP Security also found that many smartwatches carry major security flaws, thanks to their increasing connectivity.
Overall, 100 percent of the ten devices tested by Fortify (HP Security’s application provider) were found to contain “significant vulnerabilities”.
Suits you? Try our Wearable Tech quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…