The smartwatch on your wrist may have given you a new level of convenience, but it appears to do so at a cost. A new study by Hewlett-Packard’s HP Fortify security unit has found that all smartwatches come with significant security vulnerabilities, “including insufficient authentication, lack of encryption and privacy concerns.”
HP tested 10 popular smartwatches along with their paired Android or iOS mobile device and application. Not one passed its test. The top two issues were insufficient user authentication and insufficient encryption. For the first, HP found that no smartwatch paired with a mobile interface supported two-factor authentication or the ability to lock out accounts after a number of failed password attempts. And while they all used some kind of transport encryption, 40% of cloud connections used older protocols vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack, weak ciphers that are easy to crack, or SSL v2, which has been cracked.
“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” said Jason Schmitt, general manager, HP Security, Fortify. “As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”
HP recommends that smartwatch users disable features that enable sensitive access control, such as car or home access, unless strong authorization is offered. It also suggests setting up strong passwords, using two-factor authentication where possible and avoiding pairing with unknown devices.
The HP Fortify study did not identify the specific smartwatches tested. It did notify the respective manufacturers of its findings. Here’s hoping that we’ll soon see firmware and app updates to address these issues.
Source: Hewlett-Packard