Keeping your life on your wrist could be risky
HP has found security flaws on 10 different wearables and is warning users to be aware their data could be at risk.
The HP security study for smartwatches found high-level security flaws in all 10 unidentified smartwatches it tested.
The main two issues were authentication and lack of encryption. Nearly a third of the devices tested had problems with a lack of two-factor password protection and account lock-out options.
The general manager of HP’s Fortify division, Jason Schmitt, said: “As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”
Another issue found was the encryption of the device’s TLS or SSL connections. The what now? Well, TLS and its predecessor, SSL, provide an encrypted connection over a computer network, allowing you to transmit private data online.
HP found that 40% of smartwatch connections to the cloud were vulnerable to Poodle (Padding Oracle On Downgraded Legacy Encryption), an exploit which can be used to attack browser-based communication that uses SSL 3.0.
Yet another concern was that seven of the smartwatches had vulnerabilities with insecure software or firmware. Firmware updates had no encryption; however, many updates were signed to try to prevent the installation of infected firmware.
With wearables making more and more use of our personal data, from fitness stats to health records, manufacturers should be looking to make security a high priority. At MWC, Intel even announced plans to bundle McAfee anti-virus software in with the LG Watch Urbane LTE.
For anyone who is worried about wearing a hackable smartwatch or fitness tracker, the report suggests you limit the amount of personal information you put on your wearable. You should also try to set up strong passwords, use two-factor authentication and be sure not to pair with unknown devices.