Sean Gallup, Getty Images

Smartwatches, Other Connected Devices Open New Hacking Risks

July 24, 2015
A new study from Hewlett-Packard finds that all 10 smartwatches tested 'contain significant vulnerabilities, included insufficient authentication, lack of encryption and privacy concerns.'

WASHINGTON, D.C. — The surging market for smartwatches opens up new ground for hackers, according to researchers who found vulnerabilities in all the devices they tested.

A study by Hewlett-Packard’s HP Fortify found “that 100% of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns,” the company said in releasing the findings Wednesday.

The researchers found “that smartwatches with network and communication functionality represent a new and open frontier for cyberattack,” the report said.

The research highlights the cyber risks from the growing number of connected devices — such as cars, lightbulbs and refrigerators — often referred to as the Internet of Things. 

Hewlett-Packard released the study just days after Wired published a story about a pair of hackers working with a writer to remotely shut down a moving 2014 Jeep Cherokee. Fiat Chrysler responded by announcing the release of a patch for the vulnerability of its Uconnect system, and a pair of U.S. senators planned to introduce new legislation designed to require cars sold in America to meet protection standards against digital attacks.

Smartwatches could pose special risks because they may store sensitive information such as health data, and could connect to cars and homes to unlock them, HP said.

“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” said Jason Schmitt, general manager at HP Security. “As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”

The HP study looked at 10 smartwatches, along with their Android and Apple iOS cloud and mobile application components.

The biggest problems included weak authentication, making it easy for an attacker to gain access, and a lack of encryption.

All the smartwatches collected some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information.

Copyright Agence France-Presse, 2015

About the Author

Agence France-Presse

Copyright Agence France-Presse, 2002-2024. AFP text, photos, graphics and logos shall not be reproduced, published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP shall not be held liable for any delays, inaccuracies, errors or omissions in any AFP content, or for any actions taken in consequence.

About the Author

IW Staff

Find contact information for the IndustryWeek staff: Contact IndustryWeek

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!