HP study finds that there's no such thing as a secure smartwatch

HP study finds that there's no such thing as a secure smartwatch

According to a new study from HP, 100 percent of connected smartwatches manifest some sort of significant security vulnerability. Among the major threats, HP has identified insufficient authentication security, the lack of encryption, as well as a range of other privacy concerns. 

HP's study revealed that not one of the 10 smartwatches involved in the test pairs with the smartphone through two-factor authentications. Furthermore, they all also lack the ability to temporarily lock out accounts after 3-5 number of failed password attempts. What this means is that hackers can generally hack smartwatch accounts through brute force attacks, trying all possible passwords until the right one comes up.

70 percent of the tested smartwatches have hidden vulnerabilities in the way that they receive firmware updates. Fortunately, the updates are digitally signed, meaning that hackers cannot install altered firmware. On the downside, hackers can download these insecure updates and analyze them in order to find other vulnerabilities that they can exploit.

40% of the tested smartwatches have vulnerabilities caused by their transport encryption protocol, despite the fact that all of them implement transport encryption using SSL/TLS. The report also claims that, since smartwatches are loaded will a wide range of personal data, such as names, physical addresses, contacts, and even health data, this new device form factor currently pose a ranges of security concerns, especially in its insecure current form.

As smartwatches continue to get traction in both consumer and business sectors, these vulnerabilities will have to be fixed in order to make sure that hackers aren't simply being pointed towards a new wide-open door they can sneak through. There's no better time to act on these security threats and create secure protocols and systems than now, before the entire Internet of Things trend blows into full scale. The general consensus among analysts is that the IoT movement will give us the option to manipulate not only devices, but also our cars, and even our homes on the go. At the moment, however, it looks like the added connectivity comes with a grave security risk.

source: HP via The Register

FEATURED VIDEO

4 Comments

1. My1cent

Posts: 370; Member since: Jan 30, 2014

easy come, easy go..

2. hwb01

Posts: 355; Member since: Apr 17, 2014

Will you let me go?

3. My1cent

Posts: 370; Member since: Jan 30, 2014

Everyone will go.. in bulk! ...to the highest bidder!!

4. TheHitman1982

Posts: 89; Member since: Dec 30, 2014

Did HP test their own Smart Watch? Im sure they didn't.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.