Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    Smartwatches Are Not All That Smart When It Comes to Security

    Written by

    Sean Michael Kerner
    Published July 23, 2015
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Hewlett-Packard is on a mission to raise awareness about insecure configurations and practices in the emerging Internet of things landscape. The latest target for HP’s research is the smartwatch, which, like all the other types of IoT devices HP has looked at thus far, is lacking when it comes to proper security.

      HP first began to publicly discuss its IoT research in July 2014 when it identified common vulnerabilities across 10 popular IoT devices. That research was followed up this February with a report on IoT home security devices that were also found to be insufficiently secured. Now HP has found that many of the same types of vulnerabilities in other classes of IoT devices are also in smartwatches, including weak authentication and lack of encryption, according to Daniel Miessler, practice principal at HP Fortify.

      HP provides details of its smartwatch security analysis in a new report that examines 10 popular smartwatches. As was the case with the two prior HP IoT studies, there are no specific vendors or products mentioned in the report.

      “A lot of the watches are part of an ecosystem including a mobile and a cloud component, and they often ask for the user to input personal data,” Miessler told eWEEK. “We found that a lot of that personal information is being sent to multiple locations.” He said that information could be sent to five or six locations, including advertising and analytic networks.

      In addition, the watches that had cloud components were found to have weak password schemes, enabling HP’s researchers to use brute-force attacks to gain access to the applications.

      “The watch communications themselves were easy to intercept in 90 percent of cases,” Miessler said.

      One particular area of weakness is software updates for the smartwatches. HP found that 70 percent of the tested smartwatches did not perform the software updates with encryption. As a result, smartwatches are open to the risk of a man-in-the-middle attack that could intercept the communications and potentially load malicious firmware.

      In addition, HP reported that only 50 percent of the tested devices had the ability to lock themselves after a specific amount of time.

      “So if you left the watch on a table, only half shut down and locked the screen to keep someone from just logging into it,” Miessler said.

      One area of smartwatch security that HP looked at but didn’t find any specific issues with is Bluetooth, which is an important finding, since many smartwatches today are tethered to mobile devices by way of Bluetooth. In a future report, HP might look deeper at the various protocols used to connect smartwatches, he added.

      In general, the security issues HP found with smartwatches aren’t all that unique, according to Miessler.

      “We’re seeing the same things over and over again. With smartwatches we’re seeing the same security issues we’re seeing with other IoT devices,” Miessler said. “These are similar vulnerabilities to what we see in mobile, and what we see in Web security too.”

      The big risk with smartwatches, however, is the use case, which could enable an attack. Miessler noted that smartwatches are inherently personal devices that are now being used to enable access to different things such as buildings or cars, for example.

      “Watches are very close to the person, and the more vulnerability you have, the more risk that is going to be present,” he said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.