HP Study Reveals Smartwatches Vulnerable to AttackHP Fortify finds 100 percent of tested smartwatches exhibit security flaws, provides guidance for secure device use
PALO ALTO, Calif., July 22, 2015 As part of an ongoing series looking at Internet of Things (IoT) security, HP today unveiled results of an assessment confirming that smartwatches with network and communication functionality represent a new and open frontier for cyberattack. The study conducted by HP Fortify found that 100 percent of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns1. In the report HP provides actionable recommendations for secure smartwatch development and use, both at home and in the workplace.
As the IoT market advances, smartwatches are growing in popularity for their convenience and capabilities. As they become more mainstream, smartwatches will increasingly store more sensitive information such as health data, and through connectivity with mobile apps may soon enable physical access functions including unlocking cars and homes.
Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities, said Jason Schmitt, general manager, HP Security, Fortify. As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.
The HP study questions whether smartwatches are designed to store and protect the sensitive data and tasks for which they are built. HP leveraged HP Fortify on Demand to assess 10 smartwatches, along with their Android and iOS cloud and mobile application components, uncovering numerous security concerns.
The most common and easily addressable security issues reported include:
Insufficient User Authentication/Authorization: Every smartwatch tested was paired with a mobile interface that lacked two-factor authentication and the ability to lock out accounts after 3-5 failed password attempts. Three in ten, 30 percent, were vulnerable to account harvesting, meaning an attacker could gain access to the device and data via a combination of weak password policy, lack of account lockout, and user enumeration.
Lack of transport encryption: Transport encryption is critical given that personal information is being moved to multiple locations in the cloud. While 100 percent of the test products implemented transport encryption using SSL/TLS, 40 percent of the cloud connections continue to be vulnerable to the POODLE attack, allow the use of weak cyphers, or still used SSL v2.
Insecure Interfaces: Thirty percent of the tested smartwatches used cloud-based web interfaces, all of which exhibited account enumeration concerns. In a separate test, 30 percent also exhibited account enumeration concerns with their mobile applications. This vulnerability enables hackers to identify valid user accounts through feedback received from reset password mechanisms.
Insecure Software/Firmware: A full 70 percent of the smartwatches were found to have concerns with protection of firmware updates, including transmitting firmware updates without encryption and without encrypting the update files. However, many updates were signed to help prevent the installation of contaminated firmware. While malicious updates cannot be installed, lack of encryption allows the files to be downloaded and analyzed.
Privacy Concerns: All smartwatches collected some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information. Given the account enumeration issues and use of weak passwords on some products, exposure of this personal information is a concern.
As manufacturers work to incorporate necessary security measures into smartwatches, consumers are urged to consider security when choosing to use a smartwatch. It's recommended that users do not enable sensitive access control functions such as car or home access unless strong authorization is offered. In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data. These security measures are not only important to protecting personal data, but are critical as smartwatches are introduced to the workplace and connected to corporate networks. Additional guidelines for secure smartwatch use are outlined in the full report.
For more information, visit the first report in this IoT series, 2014 HP Internet of Things Research Study, which reviews the security of 10 of the most common IoT devices. In addition, the 2015 HP Home Security Systems Report reviews the 10 of the most common Internet-connected home security systems.
Methodology
Conducted by HP Fortify, the HP Smartwatch Security Study used the HP Fortify on Demand IoT testing methodology which combined manual testing along with the use of automated tools. Devices and their components were assessed based on the OWASP Internet of Things Top 10 and the specific vulnerabilities associated with each top 10 category.
All data and percentages for this study were drawn from the 10 smartwatches tested during this study. While there are certainly a fair number of smartwatch devices already on the market, and that number continues to grow, HP believes the similarity in results of the 10 smartwatches provides a good indicator of the current security posture of smartwatch devices.
1 HP Internet of Things Security Report: Smartwatches, HP, July 2015
About HP Security
HP enables organizations to take a proactive approach to security, disrupting the life
Most recent headlines
04/08/2024
Dalet, a leading technology and service provider for media-rich organizations, is excited to announce Santiago Solanas as its new Chief Executive Officer (CEO)....
03/06/2024
Dalet, a leading technology and service provider for media-rich organizations, a...
08/05/2024
zweiB updates to latest version of R&S CLIPSTER Specialist in deliverables for cinema, events and trade shows
Rohde & Schwarz, a global leader in broadcast...
07/05/2024
NAB Show 2024
Utah Scientific rocked the 2024 NAB Show in Las Vegas, unveiling two new game-changers in video signal management.
Our primary focus this yea...
07/05/2024
7th May 2024 The nations favourite comedy channel Gold has teamed up with the ma...
07/05/2024
There's something special about summer. We're not sure whether it's the warmer weather, the longer days, or something else a bit more magical, but s...
07/05/2024
NITV appoints Michael Rennie as Presenter and Senior Producer for NITV News
Media releases
NITV has announced the appointment of Michael Rennie as Presenter...
07/05/2024
The ability for line-of-site tactical voice and data networks to seamlessly traverse over Satellite Communications is an emerging requirement to assure warfight...
07/05/2024
On April 5, 2024, the L3Harris Avionics Products Repair Station (NN2R037L) in Gr...
07/05/2024
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({ content_source:......
07/05/2024
Share this article
width=32 height=32 loading=lazy data-lazy-src=https://apogeedigital.com/app/themes/juniper-theme/src/img/icons/facebook-purple.svg />
wid...
07/05/2024
BURBANK, Calif. The Walt Disney Company has finally delivered some from profits from its hefty streaming investments, with the second quarter of its fiscal year...
07/05/2024
Bonnie Hammer, vice chair of NBCUniversal, and Jen Psaki, MSNBC host, read from their new books at the 92nd Street Y in Manhattan Wednesday, May 8. Hammer's...
07/05/2024
Paramount Plus has ordered the series Crutch, a comedy that is a spinoff of CBS comedy The Neighborhood. Tracy Morgan stars....
07/05/2024
Edward J. and Melody Thomas Scott and Lidia Bastianich will receive Lifetime Achievement honors at the 51st annual Daytime Emmy Awards in June, the National Aca...
07/05/2024
The 2024 Giants of Broadcasting & Electronic Arts luncheon and awards ceremony happens in New York November 12, and the honorees are Al Roker, weather and featu...
07/05/2024
Dabl Network has added The Wayans Bros., The Jamie Foxx Show, Living Single and Everybody Hates Chris to its weekday and weekend lineups. Those shows join the l...
07/05/2024
After winning a proxy fight, The Walt Disney Co. said its entertainment business turned a profit and added subscribers in its fiscal second quarter....
07/05/2024
NBA Entertainment is closing out the second season of its series Pass the Rock with a look at Victor Wembanyama of the San Antonio Spurs, the league's rooki...
07/05/2024
Syncbak, which provides stations with streaming capabilities, said it is rebranding as Zeam Media....
07/05/2024
Samsung has made a deal with Magnolia Pictures that will bring titles from Magnolia to the Samsung TV Plus free streaming platform....
07/05/2024
Amazon, which has added commercials to Amazon Prime Video, is rolling out new interactive ad formats that will enable advertisers to engage streamers and sell s...
07/05/2024
Syncbak, a 15 year-old provider of streaming tech for local broadcast stations has rebranded itself, adopting the name of its streaming service launched in Febr...
07/05/2024
POST Luxembourgs journey with TAG Video underscores how finding a vendor who und...
07/05/2024
PORTSMOUTH, N.H. New findings from Hub Entertainment Research provides extensive data showing that the majority of consumers will opt for lower cost ad-supporte...
07/05/2024
NEW YORK The Library of American Broadcasting Foundation (LABF) has announced th...
07/05/2024
CBS News has named Lindsey Reiser an anchor and correspondent for CBS News 24/7, the network's live, streaming news service. Reiser, who was most recently a...
07/05/2024
NEEDHAM, Mass. After more than two years of decline, worldwide tablet shipments posted modest year-over-year growth of 0.5% in the first quarter of 2024 (1Q24),...
07/05/2024
ESPN is reporting that April was a record-setting month as the network delivered its best April prime time audience on record, dating back more than 30 years....
07/05/2024
WASHINGTON, D.C. The National Association of Broadcasters (NAB) has announced that Kirsten Donaldson has joined NAB as vice president of public policy. Donaldso...
07/05/2024
The Bulls are back home again this week from May 7-12! Don't miss out on any...
07/05/2024
SVG Sit-Down: AWS's Julie Souza on the Cloud and AI in Broadcast-Content Cre...
07/05/2024
Deloitte Analysts Peter Giorgio and Michael Vovk: Sports Properties Need To Reth...
07/05/2024
University of Texas' Jeff Hanel to Keynote 16th-Annual SVG College Summit Industry vet to discuss uniting live and creative in athletic department media arm...
07/05/2024
Premier League trials RefCam during Crystal Palace v Manchester United fixture By George Bevir
Tuesday, May 7, 2024 - 09:34
Print This Story
In a Premier ...
07/05/2024
CBS Sports Previews PGA Championship Plans; 125+ Cameras Include FlyCams, Bunker...
07/05/2024
Rohde & Schwarz brings cutting-edge solutions to TECNOSEC and DRONExpo 2024 Rohde & Schwarz will showcase its innovative portfolio at TECNOSEC and DRONExpo 20...
07/05/2024
Back to All News
Five New Games Join Netflix in May
Netflix Staff
Entertainment
07 May 2024
Global
Link copied to clipboard
Five new games are launching ...
07/05/2024
Back to All News
Top 10 Week of Apr. 29: Baby Reindeer' Holds Strong; Hee...
07/05/2024
Home News & Press Blancco Wins 2024 SEAL Business Sustainability Award
Blancco Wins 2024 SEAL Business Sustainability Award May 07, 2024
Blancco's v...
07/05/2024
CUPERTINO, CALIFORNIA Apple today unveiled the all-new Logic Pro for iPad 2 and Logic Pro for Mac 11, delivering breakthrough professional experiences for songw...
07/05/2024
Apple's new Privacy Manifest requirement mandates that apps explicitly disclose the privacy-related data they collect, the purposes for this collection, and...
07/05/2024
Taylor Swift's Eras Tour arrives to shake up EuropeHaving shaken four continents, Taylor Swift's Eras Tour finally brings the biggest pop culture icon o...
07/05/2024
Isiphetho: Destiny' beats Scandal!'E.tv's latest telenovela Isiphetho: Destiny' beat the channel's longest running soapie, Scandal!' ...
07/05/2024
Now there's HELP for ex-prisoners to find work in South AfricaNew initiative for ex-prisoners to find work in South Africa proves it's never too late fo...
07/05/2024
Tonight on Scandal: Cohen is pulled into keeping a secretDon't miss Tuesday, 7 May's riveting episode of South African soapie Scandal! on e.tv on DStv c...
07/05/2024
Skeem Saam: Monday's episode, 6 May 2024 [video]Missed an episode of Skeem Saam? No problem! Watch the latest episode of your favourite South African soapie...
06/05/2024
By Ilyse McKimmie
Now, more than ever
That's a phrase so often used in the last few years that I've come to dread seeing it in notes like this one. A...
06/05/2024
alt= class=wp-image-12099 data-lazy-src=/wp-content/uploads/2024/05/Blog-Exabyte-Storage-Demand-960x540-1.jpg/> Demand for storage solutions has reached unprece...
HP Study Reveals Smartwatches Vulnerable to AttackHP Fortify finds 100 percent of tested smartwatches exhibit security flaws, provides guidance for secure device use
