Smartwatches vulnerable to attack: HP

Smartwatches vulnerable to attack: HP

HP has claimed that smartwatches with network and communication functionality are highly vulnerable to attack. The company conducted a study on different smartwatch models that are compatible with Android and iOS devices and found that 100 percent of the tested smartwatches have “significant vulnerabilities”.

The company leveraged HP Fortify on Demand to assess as many as 10 smartwatches along with their Android and iOS apps with an aim to uncover the new security concerns. It claims that all the smartwatches represent “a new and open frontier for cyber attack” and have vulnerabilities such as insufficient authentication, lack of encryption and privacy concerns.

“Smartwatches have only started to become a part of our lives, but they deliver a new level of functionality and we will increasingly use them for sensitive tasks,” said Jyoti Prakash, Country Director, India and SAARC countries, HP Enterprise Security Products (ESP), “As this activity accelerates, the watch platform will become vastly more attractive to those who would abuse that access, and it’s critical that we take precautions when transmitting personal sensitive data or bringing smartwatches into the workplace.”

One of the most common security issues reported in the study is the insufficient user authentication among smartwatches. HP says that every smartwatch tested was paired with a mobile interface that lacked two-factor authentication. Also, it notes that there is no ability to lock out accounts after some failed password attempts.

Apple Watch

Apple Watch

Apart from the insufficient user authentication, HP claims that the data transportation from a connected mobile device to the smartwatch does not have any secure encryption. The company confirms that the test devices implemented encryption using SSL/TSL but 40 percent of the cloud connections continue to be vulnerable to the POODLE attack and allow the use of weak cyphers.

The study also reveals that thirty percent of the tested smartwatches used cloud-based web interfaces without any security layer, and a full of 70 percent of smartwatches were found to have concerns with protection of firmware updates.

Moreover, all smartwatches that the company tested for its study collected some form of personal information like user’s name, address, date of birth or gender that could be exposed to attackers.

Users are recommended to keep disable any sensitive access control functions such as car or home access on their smartwatches unless a strong authorisation is provided from the manufacturer end. Likewise, if possible, users should have to enable passcode functionality with using a two-factor authentication to prevent any unauthorised access to their personal data.

“These security measures are not only important to protecting personal data, but are critical as smartwatches are introduced to the workplace and connected to corporate networks,” HP says in the report.

It is not the first time when a study found vulnerability in the recently emerged wearables. A similar study conducted by Kaspersky Lab earlier this year claimed that Android-compatible smart wristbands can easily be hacked by attackers. That study mentioned that users must have to use only officially recommended apps with their wristbands to make their personal data secure.

According to research firm IDC, worldwide wearables market that mainly includes smartwatches and smart wristbands is expected to grow 173 percent this year.

Google is expanding its Android Wear platform with adding more features as well as hardware partners to lead the smartwatch market, whereas Apple is in development to compete against Android Wear-based smartwatches with the Apple Watch, which is so far available in 16 countries worldwide.

Categories: Miscellenous News