Computer Security Technology Ltd

+44 (0)20 7621 7836 LinkedInTwitter

+44 (0)20 7621 7836 CSTL LinkedInCSTL Twitter

September 28, 2015

HP finds all smartwatches vulnerable to attack

A recent study by Hewlett Packard reveals that in a test of ten smartwatches, each one showed either insufficient authentication, a lack of encryption or concerns surrounding privacy.

Computing giant HP tested the security credentials of ten smartwatches, and found that all exhibited “significant” vulnerabilities and flaws.

With smartwatches roundly hyped as the next revolution in mobile communication, talk has inevitably turned to their security features – or in this case, flaws. In its test of ten smartwatches, HP found that each one showed either insufficient authentication, a lack of encryption or privacy concerns.

The biggest, most common problem involved privacy. Every device that was tested collected personal information on the user, such as their name, date of birth and biometrics. With account enumeration issues and weak passwords commonplace, every single one was said to pose a risk.

Meanwhile, seven of the smartwatches involved in the test were found to have issues with the protection of firmware updates. Although HP noted that signed updates meant nothing malicious could be installed, it did still allow the programs to be downloaded and analysed.

Mentioning no names – but all models are at risk

Whilst the specific smartwatches used in the test were not disclosed, HP believes its testing could be applied to the market as a whole. It noted that whilst there are a large and growing number of devices on the market, the similarity of results across the ten that it tested provided a “good indicator” of the current security posture of smartwatch devices. Commenting on the findings, HP’s Jason Schmitt told “Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities.

“As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”

Not content with just identifying these flaws, the HP report saw a number of solutions offered to the smartwatch manufacturers so they could remedy any issues.