Your Smartwatch Could Be A Major Security Risk

Smartwatch owners have been warned to be on their guard after a new survey found that many of the most popular wearable devices carry major security flaws.

A study by HP Security found that smartwatches, thanks to their increasing connectivity to the Internet of Things, are packed with potential ways for cybercriminals to access and hijack devices.

Overall, 100 percent of the ten devices tested by Fortify, HP Security’s application provider, were found to contain “significant vulnerabilities”.

Risky

Among the vulnerabilities uncovered were a lack of proper authorisation and authentication provisions, as when connected to a test mobile device that was deliberately made insecure three in ten of the devices proved vulnerable to ‘account harvesting’ thanks to a combination of weak password policy, lack of account lockout, and user enumeration.

Seventy percent of the smartwatches tested were also found to come up short concerning the protection of firmware updates, including transmitting firmware updates without encryption and without encrypting the update files. The fact that three of the devices also utilised cloud-based web interfaces also left them at risk of having password or data stolen by hackers using reset password forms.

There were also concerns about the security of the personal data collected by the devices, as to get the most out of the key apps packaged with the smartwatches, users often need to give up information such as name, address, date of birth, weight, gender, heart rate and other health information.

The above issues, coupled and the continuing problems of device users creating easy to crack passwords, this raising some serious worries about the potential exposure of this personal information.

“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” said Jason Schmitt, general manager, HP Security, Fortify.

“As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”

Suits you? Try our Wearable Tech quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

View Comments

  • Has anyone actually seen the report in question? The page linked to in this article is a news page. It mentions the report, but doesn't appear to link to it.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago