HP study warns smartwatches users, says devices still not secure

HP study suggests smartwatches are not designed to store and protect the sensitive data

HP Smartwatch study,Smartwatches not secure, Smartwatches data privacy, Smartwatches security, Smartwatch privacy, Android Wear smartwatch, Smartwatch study by HP, Technology, technology news, wearables,

Samsung Gear 2 smartwatch. Image used for representational purposes only.

A security assessment by HP has found that all the smartwatches it tested contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns. This is significant as all smartwatches store sensitive information such as health data and will soon enable physical access functions including unlocking cars and homes.

“Smartwatches have only started to become a part of our lives, but they deliver a new level of functionality and we will increasingly use them for sensitive tasks,” said Jyoti Prakash, Country Director, India and SAARC countries, HP Enterprise Security Products (ESP), “As this activity accelerates, the watch platform will become vastly more attractive to those who would abuse that access, and it’s critical that we take precautions when transmitting personal sensitive data or bringing smartwatches into the workplace.”

The HP study suggests smartwatches are not designed to store and protect the sensitive data and tasks for which they are built.

The report said insufficient user authentication or authorisation, lack of transport encryption, insecure interfaces and software/firmware were most common and easily addressable security issues. There were also privacy concerns as all smartwatches collected some form of personal information or the other which were being exposed.

The report suggests that consumers consider security when choosing a smartwatch and recommends they do not enable sensitive access control functions such as car or home access unless strong authorisation is offered.

“In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data. These security measures are not only important to protecting personal data, but are critical as smartwatches are introduced to the workplace and connected to corporate networks,” it said.

HP’s Smartwatch Security Study, conducted by HP Fortify and leveraging HP Fortify on Demand, used manual testing along with automated tools on 10 different smartwatches. While there are certainly a fair number of smartwatch devices already on the market, and that number continues to grow, HP says the similarity in results of the 10 smartwatches provides a good indicator of the current security posture of smartwatch devices.