After testing 10 wearable devices from a security perspective, HP concludes that the most popular watches are vulnerable in at least one area.
The rise of wearable technology has resulted in a slew of smartwatches, fitness bands and other such gadgets invading the market, but it seems that even the best-selling wearables are deficient in terms of security.
HP conducted a test on 10 wearable devices, focusing on the efficacy of their security features such as password protection and data encryption. The company claims that all smartwatches tested have at least one area that raises security concerns.
In this study, HP analyzed 10 of the best-selling smartwatches currently available on the market, looking at their security features "from an attacker's perspective." As the company explains, the study takes into account the management capabilities of a smartwatch, as well as network posture and mobile and cloud interfaces, among other things.
"The results of our research were disappointing, but not surprising. We continue to see deficiencies in the areas of authentication and authorization along with insecure connections to cloud and mobile interfaces," HP points out [pdf]. "Privacy concerns are magnified as more and more personal information is collected (including health information). Issues with the configuration and implementation of SSL/TLS that could weaken data security were also present."
HP notes that it tested the 10 smartwatches for the security features the Open Web Application Security Project recommends and found that only half the smartwatches come with a lock function to prevent unauthorized data access and nine of the watches send unencrypted data. Moreover, a third of the devices allowed unlimited login attempts, which could allow someone to guess the password, and two of the devices allowed for easy pairing with a different phone.
The company doesn't specifically list the smartwatches it tested. Considering that the test involved top-selling smartwatches, however, gadgets from Apple, Samsung, Sony and Pebble are likely on the list.
Authentication and lack of proper encryption are the main two security flaws affecting smartwatches, according to the study.
In light of these disappointing findings, HP suggests that consumers should limit the amount of personal information they share with their wearable device, as hacking might compromise the data. At the same time, users should set up strong passwords, enable two-factor authentication and avoid pairing the wearable gadget with unknown devices.