Smartwatches dubbed 'new frontier for cyberattack'

HP study finds 'significant vulnerabilities' in all 10 of the 'top' smartwatches it evaluated

Smartwatches have been dubbed a "new and open frontier for cyberattack" by HP after a study it conducted unearthed vulnerabilities in all 10 smartwatches it tested.

Each of the "top" smartwatches HP Fortify evaluated was found to contain "significant vulnerabilities" in areas such as authentication and insecure connections to cloud and mobile interfaces.

"Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities," said Jason Schmitt, general manager, HP Security, Fortify.

"As smartwatch adoption accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks."

Three of the 10 smartwatches evaluated were found to have insufficient user authentication/authorisation, while four were found to fall down in the area of transport encryption. Three had insecure interfaces, while 70 per cent had issues with protection of firmware updates.

And in the area of privacy, all the smartwatches tested collected some form of personal information such as name, address, date of birth, weight, gender, heart rate and other health information.

"Given the account enumeration issues and use of weak passwords on some products, exposure of this personal information is a concern," HP said.

The research comes after figures from Canalys indicated that Apple sold a whopping 4.2 million Apple Watches in Q2, meaning it easily overtook FitBit and Xiaomi to lead the wearable band market.

Security vendors were queuing up to weigh in on how the findings of HP's study demonstrate smartwatches are an emerging security blind spot.

Mark James, security specialist at ESET, said: "With anything new in IT there are often security measures that don't make it due to deadlines enforced through the industry. Keeping up with other manufacturers to be a forerunner in this technology field may force products to be released without the necessary attention to how secure it actually is."

Matt White, senior manager in KPMG's cybersecurity practice, said: "With the high-profile release of smartwatches in recent months, it was inevitable that security flaws were identified. As is often the case, consumer demand for new and exciting technologies has far surpassed the implementation of security measures."

Kevin Bocek, vice president of security strategy at Venafi, said: "Bad guys will likely look for the easy target and a device such as a smartwatch is like waving a red flag to a bull."