The smart watches with features for communication and Internet open up a new frontier for cyber criminals. This was revealed in a safety study conducted by HP.
The investigation revealed that 100 percent of the watches tested were shown to be vulnerable in several aspects like authentication, data encryption and privacy.
As the market grows for the Internet of Things, the smartwatches become increasingly popular. These devices keep confidential user information, such as health data, and soon will also be able to unlock cars and homes. That is why the aim of the study was to find out if smartwatches are designed to protect sensitive data and the tasks for which they are constructed.
HP used its HP Fortify on Demand software to evaluate 10 smartwatches, in addition to the respective components of cloud and mobile applications for Android and iOS, and found numerous safety problems. Here are some of them:
1. Insufficient Authentication
All tested watches were matched with a mobile interface that lacked two-factor authentication and the ability to block accounts after 3-5 failed password attempts. It turned out that three of the ten teams, ie 30 percent, were vulnerable, which means that an attacker could gain access to the devices and data through a combined vulnerability of weak passwords and lack of account lockout.
2. Insecure encryption system
Cryptographic protocols are extremely important because of the personal information of users moving to different locations within the cloud. While 100 percent of the equipments tested feature implemented encryption with SSL / TLS, 40 percent of the connections in the cloud will remain vulnerable because they use weak encryption or the SSL v2type.
3. Unsafe Interfaces
30 percent of the web users on smartwatches were evaluated using cloud-based interfaces, which showed problems with the list of accounts. In a separate test it was determined that 30 percent of the equipments presented problems related to mobile applications. This vulnerability allows hackers to identify the user accounts via the feedback they receive from the reset key mechanisms.
4. Privacy Issues
All smartwatches store some personal information, such as name, address, date of birth, weight, sex and health data. Due to the problems enumerated, like vulnerable accounts and the use of weak passwords, exposure of this personal information is a problem.
Finally, as manufacturers work to incorporate the necessary security measures in these devices, it is important that users verify the safety of their smartwatches when they decide to use them. It is recommended that until the vulnerability problems are solved, consumers would not activate the functions that provide access to sensitive information, such as door unlocking, both in their homes and vehicles.
Additionally, users are encouraged to set strong passwords on their devices and a two-factor authentication system to prevent unauthorized people from accessing their information. These security measures are not only important to protect personal data, but also in protecting corporate data, in the event that the smartwatches are used in the workplace.