SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
23 Jul 2015

Smartwatch security fails to impress

A research study conducted by Hewlett-Packard has found serious security issues in today's top smartwatch wearable devices.

Smartwatches are part of the wearable device trend, which extends from medical devices and fitness trackers to acting as an extension of your smartphone.

The Apple Watch and Android Wear are examples of popular wearable devices on the market which can pair with smartphones and allow you to view online notifications, send messages and control apps through either the small display or through voice control. Wearables can be useful and have grown in popularity with the arrival of the Internet of Things (IoT) concept in the marketplace. However, as smartwatches become mainstream, cybercriminals have been gifted with a new avenue to exploit in the quest to steal valuable data.

Revealed on Wednesday, HP's Smartwatch Security Study suggests that while wearable technology is on the rise, security has been left behind. The tech giant's research team combined manual testing along with the use of digital tools and HP Fortify on Demand -- on both iOS and Android-based smartwatches -- to evaluate a total of 10 of today's "top" devices on the market.

In HP's words, the results were "disappointing, but not surprising." The tech giant found that every one of the ten devices analyzed contained significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns. HP found insufficient user authentication and authorization to be common issues within smartwatches. Every smartwatch tested was paired with a user interface which lacked two-factor authentication or the ability to lock out accounts after a select number of failed password input attempts. In total, 30 percent of the devices analyzed were vulnerable to account harvesting in one form or another.

The researchers also found that smartwatches demonstrated a lack of transport encryption protocols. While every device implemented encryption using SSL/TLS, 40 percent of devices continue to be vulnerable to known vulnerabilities such as POODLE, or still used SSL v2. In total, 30 percent of smartwatches use cloud-based web interfaces, which HP said "exhibited account enumeration concerns." In separate tests, HP said this arrangement enabled hackers to identify valid user accounts through reset password services.

In addition, seven out of 10 devices analyzed were found to have problems with firmware updates. The smartwatches often did not receive encrypted firmware updates, and while a number of updates were signed to help prevent malicious code or contaminated updates from being installed, a lack of encryption did allow files to be downloaded and looked at elsewhere.

Finally, HP says smartwatches demonstrate a risk to personal security and privacy. All the smartwatches analyzed collected some form of personal identifiable information -- and when combined with lax security, you are placing consumers at risk. "Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities," said Jason Schmitt, general manager of HP Security at Fortify.

"As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks."

While vendors work to boost the security of wearable devices, HP recommends that consumers do not enable sensitive access control functions such as car or home access -- in other words, do not connect your smartwatch to the keys to your kingdom -- unless you have some means of implementing strong authorization measures. In addition, putting standard security measures in place such as a strong password and two-factor authentication can help keep your device and data safe.

Tags:
information leaks iOS Android
Source:
ZDNet
2576
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015