Advertisment

Smartwatches yet to fix significant vulnerabilities

HP study has confirmed that smartwatches with network and communication functionality represent a new and open frontier for cyberattack

author-image
Sanghamitra Kar
New Update
smartwatch

BANGALORE, INDIA: HP study has confirmed that smartwatches with network and communication functionality represent a new and open frontier for cyberattack.

Advertisment

The study found that 100pc of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.

The most common and easily addressable security issues reported include:

Insufficient User Authentication/Authorization: Every smartwatch tested was paired with a mobile interface that lacked two-factor authentication and the ability to lock out accounts after 3-5 failed password attempts.

Advertisment

Lack of transport encryption: Transport encryption is critical given that personal information is being moved to multiple locations in the cloud.

Insecure Interfaces: Thirty percent of the tested smartwatches used cloud-based web interfaces, all of which exhibited account enumeration concerns.

In a separate test, 30pc also exhibited account enumeration concerns with their mobile applications. This vulnerability enables hackers to identify valid user accounts through feedback received from reset password mechanisms.

Advertisment

Insecure Software/Firmware: A full 70 percent of the smartwatches were found to have concerns with protection of firmware updates, including transmitting firmware updates without encryption and without encrypting the update files. However, many updates were signed to help prevent the installation of contaminated firmware. While malicious updates cannot be installed, lack of encryption allows the files to be downloaded and analyzed.

Privacy Concerns: All smartwatches collected some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information. Given the account enumeration issues and use of weak pas swords o n some products, exposure of this personal information is a concern.

As manufacturers work to incorporate necessary security measures into smartwatches, consumers are urged to consider security when choosing to use a smartwatch.

Advertisment

It’s recommended that users do not enable sensitive access control functions such as car or home access unless strong authorization is offered. In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data.

hp iot-hub wearables