Sean Gallup, Getty Images
Industryweek 13451 072415smartwatchesiothack

Smartwatches, Other Connected Devices Open New Hacking Risks

July 24, 2015
A new study from Hewlett-Packard finds that all 10 smartwatches tested 'contain significant vulnerabilities, included insufficient authentication, lack of encryption and privacy concerns.'

WASHINGTON, D.C. — The surging market for smartwatches opens up new ground for hackers, according to researchers who found vulnerabilities in all the devices they tested.

A study by Hewlett-Packard’s HP Fortify found “that 100% of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns,” the company said in releasing the findings Wednesday.

The researchers found “that smartwatches with network and communication functionality represent a new and open frontier for cyberattack,” the report said.

The research highlights the cyber risks from the growing number of connected devices — such as cars, lightbulbs and refrigerators — often referred to as the Internet of Things. 

Hewlett-Packard released the study just days after Wired published a story about a pair of hackers working with a writer to remotely shut down a moving 2014 Jeep Cherokee. Fiat Chrysler responded by announcing the release of a patch for the vulnerability of its Uconnect system, and a pair of U.S. senators planned to introduce new legislation designed to require cars sold in America to meet protection standards against digital attacks.

Smartwatches could pose special risks because they may store sensitive information such as health data, and could connect to cars and homes to unlock them, HP said.

“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” said Jason Schmitt, general manager at HP Security. “As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”

The HP study looked at 10 smartwatches, along with their Android and Apple iOS cloud and mobile application components.

The biggest problems included weak authentication, making it easy for an attacker to gain access, and a lack of encryption.

All the smartwatches collected some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information.

Copyright Agence France-Presse, 2015

Popular Sponsored Recommendations

Digital Production Tracking: How Connected Platforms with No-Code Deliver Value

Sept. 19, 2023
Manual tracking lacks the real-time visibility manufacturers need to identify root causes and remain competitive. Digital, connected production tracking is crucial for your operations...

Discrete and Process Manufacturing 2024 Trends and Outlook for North America

Oct. 29, 2023
Manufacturers are reaping the benefits of automation and cloud-based solutions. Discover what is driving today's industry trends and how they can shape your growth priorities ...

Gain a competitive edge with real-world lessons on private 5G networks

Nov. 16, 2023
The use of private networks in manufacturing applications is rapidly growing. In this paper, we present valuable insights and lessons learned from the field with the goal of enhancing...

MES vs. Operations Platforms: Buyer's Guide

Sept. 19, 2023
Now more than ever, manufacturers are rethinking legacy MES's role in their operations. This comprehensive guide compares traditional manufacturing execution systems and operations...

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!