A study conducted by HP using its Fortify security suite found that all of the smartwatches tested during the study contained significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns. HP used the HP Fortify on Demand to assess 10 smartwatches, along with their Android and iOS cloud and mobile application components, to uncover numerous security concerns.
HP said that the latest study shows that smartwatches with network and communication functionality represent a new and open frontier for cyberattack
As smartwatches are fast becoming more mainstream, HP said that the security aspects are critical as smartwatches will increasingly store more sensitive information such as health data, and through connectivity with mobile apps may soon enable physical access functions including unlocking cars and homes.
Elaborating on the insufficiency of authentication and authorization security processes, the company said that every smartwatch tested was paired with a mobile interface that lacked two-factor authentication and the ability to lock out accounts after 3-5 failed password attempts.
Jason Schmitt, general manager, HP Security, Fortify
Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities. As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.