100 percent of smartwatches tested by HP Security showed major flaws
Smartwatch owners have been warned to be on their guard after a new survey found that many of the most popular wearable devices carry major security flaws.
A study by HP Security found that smartwatches, thanks to their increasing connectivity to the Internet of Things, are packed with potential ways for cybercriminals to access and hijack devices.
Overall, 100 percent of the ten devices tested by Fortify, HP Security’s application provider, were found to contain “significant vulnerabilities”.
Among the vulnerabilities uncovered were a lack of proper authorisation and authentication provisions, as when connected to a test mobile device that was deliberately made insecure three in ten of the devices proved vulnerable to ‘account harvesting’ thanks to a combination of weak password policy, lack of account lockout, and user enumeration.
Seventy percent of the smartwatches tested were also found to come up short concerning the protection of firmware updates, including transmitting firmware updates without encryption and without encrypting the update files. The fact that three of the devices also utilised cloud-based web interfaces also left them at risk of having password or data stolen by hackers using reset password forms.
There were also concerns about the security of the personal data collected by the devices, as to get the most out of the key apps packaged with the smartwatches, users often need to give up information such as name, address, date of birth, weight, gender, heart rate and other health information.
The above issues, coupled and the continuing problems of device users creating easy to crack passwords, this raising some serious worries about the potential exposure of this personal information.
“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” said Jason Schmitt, general manager, HP Security, Fortify.
“As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”
Suits you? Try our Wearable Tech quiz!