HP study finds that there's no such thing as a secure smartwatch
HP's study revealed that not one of the 10 smartwatches involved in the test pairs with the smartphone through two-factor authentications. Furthermore, they all also lack the ability to temporarily lock out accounts after 3-5 number of failed password attempts. What this means is that hackers can generally hack smartwatch accounts through brute force attacks, trying all possible passwords until the right one comes up.
70 percent of the tested smartwatches have hidden vulnerabilities in the way that they receive firmware updates. Fortunately, the updates are digitally signed, meaning that hackers cannot install altered firmware. On the downside, hackers can download these insecure updates and analyze them in order to find other vulnerabilities that they can exploit.
40% of the tested smartwatches have vulnerabilities caused by their transport encryption protocol, despite the fact that all of them implement transport encryption using SSL/TLS. The report also claims that, since smartwatches are loaded will a wide range of personal data, such as names, physical addresses, contacts, and even health data, this new device form factor currently pose a ranges of security concerns, especially in its insecure current form.
As smartwatches continue to get traction in both consumer and business sectors, these vulnerabilities will have to be fixed in order to make sure that hackers aren't simply being pointed towards a new wide-open door they can sneak through. There's no better time to act on these security threats and create secure protocols and systems than now, before the entire Internet of Things trend blows into full scale. The general consensus among analysts is that the IoT movement will give us the option to manipulate not only devices, but also our cars, and even our homes on the go. At the moment, however, it looks like the added connectivity comes with a grave security risk.