WASHINGTON, D.C. — The surging market for smartwatches opens up new ground for hackers, according to researchers who found vulnerabilities in all the devices they tested.
A study by Hewlett-Packard’s HP Fortify found “that 100% of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns,” the company said in releasing the findings Wednesday.
The researchers found “that smartwatches with network and communication functionality represent a new and open frontier for cyberattack,” the report said.
The research highlights the cyber risks from the growing number of connected devices — such as cars, lightbulbs and refrigerators — often referred to as the Internet of Things.
Hewlett-Packard released the study just days after Wired published a story about a pair of hackers working with a writer to remotely shut down a moving 2014 Jeep Cherokee. Fiat Chrysler responded by announcing the release of a patch for the vulnerability of its Uconnect system, and a pair of U.S. senators planned to introduce new legislation designed to require cars sold in America to meet protection standards against digital attacks.
Smartwatches could pose special risks because they may store sensitive information such as health data, and could connect to cars and homes to unlock them, HP said.
“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” said Jason Schmitt, general manager at HP Security. “As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”
The HP study looked at 10 smartwatches, along with their Android and Apple iOS cloud and mobile application components.
The biggest problems included weak authentication, making it easy for an attacker to gain access, and a lack of encryption.
All the smartwatches collected some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information.
Copyright Agence France-Presse, 2015