Gartner, Inc. forecasts that 4.9 billion connected things will be in use in 2015, up 30 percent from 2014, and will reach 25 billion by 2020. A good portion of that number will be wearable devices; specifically smartwatches.
Smartwatches have been gaining popularity in the last year as a convenient wearable device that connects the user to other pieces of technology. The appeal to the mass market boomed with Apple’s release of the Apple Watch and other companies such as Samsung and Microsoft releasing their own versions later that year.
But how safe are they?
With the increase in the adoption of smartwatches, these wearable devices become a new avenue for threats to personal and sensitive information – not just for the users but also for the companies they work for. Users are wearing their smartwatches to work and connecting them to the corporate network. The concern is that the smartwatch users are opening doors for hackers that previously did not exist.
A recent study by computer manufacturer Hewlett-Packard has found that smartwatches pose a credible threat to corporate networks; warning smartwatch users (including Apple Watch and Samsung Gear users) that their wearable devices are vulnerable to cyber-attacks. In this study, HP’s Security Fortify tested today’s top 10 consumer smartwatches for security features and vulnerabilities such as basic data encryption, password protection and privacy concerns. HP’s security experts found that every wearable device they tested contained at least one serious security vulnerability. Not one smartwatch was found to be 100 percent safe from hacking.
Jason Schmitt, general manager at HP’s Security Fortify said in a statement “As the adoption of Smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting Smartwatches into corporate networks.”
The experts would not disclose the names of manufacturers whose devices they had tested, but they are working with vendors to “build security into their products before they put them out to market.” Meanwhile, HP urges users to not connect their smartwatches to sensitive access control functions like cars or homes unless strong authorization is offered.
List of Issues Reported by HP’s study:
- Lack of transport encryption – Though all products implemented transport encryption using SSL/TLS, 40 percent of devices were found to be either vulnerable to the POODLE attack, allowing the use of weak cyphers, or were still using older and more vulnerable versions of SSL.
- Insecure Interfaces – Three out of ten smartwatches used cloud-based web interfaces and all of them were vulnerable to account harvesting.
- Insufficient User Authentication/Authorization – Three out of ten smartwatches did not offer Two-Factor Authentication or locked the accounts after 3 to 5 failed password attempts.
- Insecure Software/Firmware – Seven out of ten smartwatches had issues with firmware updates. The wearable devices often did not receive encrypted firmware updates.
- Privacy Concerns –All of the tested devices collected some form of personal information; including username, address, date of birth, gender, heart rate, weight and other health information.
Click Here to view the complete HP Security “Internet of Things Security Study: Smartwatches” Report in PDF format.