Breaking News

G.SKILL Announces T5 Neo Series DDR5-6400 CL38 512GB (64GBx8) Overclocked R-DIMM Memory Kit with AMD EXPO Support for AMD Ryzen Threadripper PRO Workstations ZOTAC to Launch GeForce RTX 5090 ARCTICSTORM AIO & GeForce RTX 5060 Low Profile KIOXIA Commences Sample Shipments of 9th Generation BiCS FLASH 512Gb TLC Devices Synology Unveils DiskStation DS225 Plus New PS5 system update beta previews DualSense wireless controller pairing across multiple devices

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

HP Says Smartwatches Vulnerable to Attack

HP Says Smartwatches Vulnerable to Attack

Smartphones Jul 23,2015 0

HP today unveiled results of an assessment confirming that smartwatches with network and communication functionality represent a new and open frontier for cyberattack. The study conducted by HP Fortify found that 100 percent of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns. In the report HP provides recommendations for secure smartwatch development and use, both at home and in the workplace.

Smartwatches are slowly growing in popularity and will soon store more sensitive information such as health data. Through connectivity with mobile apps may soon enable physical access functions including unlocking cars and homes.

The study questions whether smartwatches are designed to store and protect the sensitive data and tasks for which they are built. HP leveraged HP Fortify on Demand to assess 10 smartwatches, along with their Android and iOS cloud and mobile application components, uncovering numerous security concerns.

The most common and easily addressable security issues reported include:

  • Insufficient User Authentication/Authorization: Every smartwatch tested was paired with a mobile interface that lacked two-factor authentication and the ability to lock out accounts after 3-5 failed password attempts. Three in ten, 30 percent, were vulnerable to account harvesting, meaning an attacker could gain access to the device and data via a combination of weak password policy, lack of account lockout, and user enumeration.
  • Lack of transport encryption: Transport encryption is critical given that personal information is being moved to multiple locations in the cloud. While 100 percent of the test products implemented transport encryption using SSL/TLS, 40 percent of the cloud connections continue to be vulnerable to the POODLE attack, allow the use of weak cyphers, or still used SSL v2.
  • Insecure Interfaces: Thirty percent of the tested smartwatches used cloud-based web interfaces, all of which exhibited account enumeration concerns. In a separate test, 30 percent also exhibited account enumeration concerns with their mobile applications. This vulnerability enables hackers to identify valid user accounts through feedback received from reset password mechanisms.
  • Insecure Software/Firmware: A full 70 percent of the smartwatches were found to have concerns with protection of firmware updates, including transmitting firmware updates without encryption and without encrypting the update files. However, many updates were signed to help prevent the installation of contaminated firmware. While malicious updates cannot be installed, lack of encryption allows the files to be downloaded and analyzed.
  • Privacy Concerns: All smartwatches collected some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information. Given the account enumeration issues and use of weak passwords on some products, exposure of this personal information is a concern.

HP recommends that users do not enable sensitive access control functions such as car or home access unless strong authorization is offered. In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data.

Tags: smartwatches
Previous Post
Intel And Rackspace To Promote The Benefits of the Cloud Through New Initiative
Next Post
Technicolor Takes Over Cisco's Set-top box Business

Related Posts

  • Realme India Announces Smartwatch and TVs

  • Electrocardiogram Monitoring Cleared for Galaxy Watch Active2 by South Korea

  • Apple Watch Nike Pride Edition Sport Band Released

  • Global Smartwatch Shipments Grow 20 Percent in Q1 2020, Apple Maintains 1st Position

  • Verizon Buys Video-Chat Venture Blue Jeans, Unveils Care Smart Watch

  • Germany Launches Official Smartwatch App to Monitor Coronavirus

  • Huawei Unveils the Watch GT 2E Smartwatch

  • TAG Heuer's Connected Smartwatches Start at $1,800

Latest News

G.SKILL Announces T5 Neo Series DDR5-6400 CL38 512GB (64GBx8) Overclocked R-DIMM Memory Kit with AMD EXPO Support for AMD Ryzen Threadripper PRO Workstations
PC components

G.SKILL Announces T5 Neo Series DDR5-6400 CL38 512GB (64GBx8) Overclocked R-DIMM Memory Kit with AMD EXPO Support for AMD Ryzen Threadripper PRO Workstations

ZOTAC to Launch GeForce RTX 5090 ARCTICSTORM AIO & GeForce RTX 5060 Low Profile
GPUs

ZOTAC to Launch GeForce RTX 5090 ARCTICSTORM AIO & GeForce RTX 5060 Low Profile

KIOXIA Commences Sample Shipments of 9th Generation BiCS FLASH 512Gb TLC Devices
Enterprise & IT

KIOXIA Commences Sample Shipments of 9th Generation BiCS FLASH 512Gb TLC Devices

Synology Unveils DiskStation DS225 Plus
Enterprise & IT

Synology Unveils DiskStation DS225 Plus

New PS5 system update beta previews DualSense wireless controller pairing across multiple devices
Gaming

New PS5 system update beta previews DualSense wireless controller pairing across multiple devices

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Terramaster F8-SSD

Terramaster F8-SSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed