What HP's smartwatch security warning means for your wearable data

Keeping your life on your wrist could be risky
HP's smartwatch security warning explained

HP has found security flaws on 10 different wearables and is warning users to be aware their data could be at risk.

The HP security study for smartwatches found high level security flaws in all 10 unidentified smartwatches it tested.

The main two issues were authentication and lack of encryption. Nearly a third of the devices tested had problems with a lack of two-factor password protection and account lock-out options.

The general manager of HP's Fortify division, Jason Schmitt said: "As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks."

Read this: Wearables are only secure until they become worth hacking

Another issue found was the encryption of the device's TLS or SSL connections. The what now? Well, TLS and its predecessor SSL, provide an encrypted connection to provide security over a computer network, allowing you to transmit private data online.

HP found that 40% of smartwatch connections to the cloud were vulnerable to Poodle (Padding Oracle On Downgraded Legacy Encryption), an exploit which can be used to attack browser based communication that uses SSL 3.0.

Yet another concern was that seven of the smartwatches had vulnerabilities with insecure software or firmware. Firmware updates had no encryption, however, many updates were signed to try and prevent the installation of infected firmware.

With wearables making more and more use of our personal data - from fitness stats to health records, manufacturers should be looking to make security a high priority. At MWC, Intel even announced plans to bundle McAfee anti-virus software in with the LG Watch Urbane LTE.

For anyone who is worried about wearing a hackable smartwatch or fitness tracker, the report suggests you limit the amount of personal information you put on your wearable. You should also try to set up strong passwords, use two-factor authentication and be sure not to pair with unknown devices.


  • khawar says:

    Much ado about nothing.

    People who really care about security leave their data locked up in their computers. 
    They also carry strong encryption versions of their data.
    What is the point when someone can just hold a gun to your head and take the computer or device which contains the data. And they can also demand that you decrypt it.
    Basic rule of security. If you do not want a piece of data stolen then do not flaunt it around like a wallet. 

    Khawar Nehal 

  • mahmoud says:

    Hello Team

    Does the Filip 2 work in Egypt?

    At what outlets / shops can I buy them from inside the states please?

    Thank you

  • mahmoud says:

    At what outlets / shops can I buy the Filip 2 please at San Diego or Los Angeles ? 


What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

 Most Recent News