HP Security found that many of the most popular wearable gizmos carry major security flaws thanks to their increasing connectivity to the Internet of Things.
All ten gizmos tested by Fortify, HP Security’s application provider, contained “significant vulnerabilities”.
These included a lack of proper authorisation and authentication. When connected to an insecure test mobile device, three in ten of the gizmos were vulnerable to ‘account harvesting.’ This was thanks to a combination of weak password policy, lack of account lockout, and user enumeration.
Seventy percent of the smartwatches tested were also found to come up short on protecting firmware updates: they transmitted the updates without encryption and did not encrypt the update files themselves.
Three of the gizmos used cloud-based web interfaces that left them at risk of having passwords or data stolen by hackers using password reset forms.
HP had concerns about the security of the personal data collected by the toys. To use their shiny toys, users often need to give up information such as name, address, date of birth, weight, gender, heart rate and other health information.
Jason Schmitt, general manager, HP Security, said that smartwatches have only just started to become a part of our lives, but they deliver a new functionality that could open the door to new threats.
“As the adoption of smartwatches speeds up, the platform will become more attractive to those who would abuse that access, making it critical that we take precautions when sending personal data or connecting smartwatches into corporate networks.”