Smartwatches open new hacking risk

A study found that 100 percent of the tested smartwatches contain significant vulnerabilities

Afp July 23, 2015
A study found that 100 percent of the tested smartwatches contain significant vulnerabilities. PHOTO: AFP/FILE

WASHINGTON: The surging market for smartwatches opens up new ground for hackers, according to researchers who found vulnerabilities in all the devices they tested.

A study by Hewlett-Packard's HP Fortify found "that 100 percent of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns," the company said in releasing the findings Wednesday.

The researchers found "that smartwatches with network and communication functionality represent a new and open frontier for cyberattack," the report said.

Read: Tech news: Apple gives first hands-on look at smartwatch

The research highlights the cyber risks from the growing number of connected devices -- such as refrigerators, cars, coffee makers and lightbulbs -- sometimes referred to as the "Internet of Things."

Smartwatches could pose special risks because they may store sensitive information such as health data, and could connect to cars and homes to unlock them, HP said.

"Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities," said Jason Schmitt, general manager at HP Security.

Read: The top five smart-watches to own in 2015

"As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks."

The HP study looked at 10 smartwatches, along with their Android and Apple iOS cloud and mobile application components.

The biggest problems included weak authentication, making it easy for an attacker to gain access, and a lack of encryption.

All the smartwatches collected some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information.