Security report finds DDoS attack-capable smartwatch among security vulnerabilities

A new study from HP on smartwatches has revealed significant lack of security features and encryption across the board.

Among the key findings, the report found that data collected by a watch is passed through multiple locations including third parties, and that as much as 90 per cent of it is “trivially intercepted.”

Meanwhile, there is a lack of firmware in 70 per cent of the cases, and in the interface, a lack of PIN or pattern requirement in up to half of the smartwatches evaluated.  Those that did did require it often failed to lock users out for failed attempts, leaving almost a third (30 per cent) of watches vulnerable to account harvesting.

“The results of our research were disappointing, but not surprising,” the report said. “We continue to see deficiencies in the areas of authentication and authorization along with insecure connections to cloud and mobile interfaces. Privacy concerns are magnified as more and more personal information is collected (including health information). Issues with the configuration and implementation of SSL/TLS that could weaken data security were also present.”

According to HP, the top 10 smartwatches evaluated from a hacker’s point of view, which also included their cloud interfaces, network posture, and more. In one instance, HP even found a running DNS service, “which allowed it to be used as part of a DNS amplification attack.”

In response, the company recommends that users enable security functionality such as lock screens, strong passwords and two-factor authentication. For enterprises, it recommends proper configurations of TLS implementations as well as building custom apps with stronger security.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

CDN Staff
CDN Staffhttps://channeldailynews.com
For over 25 years, CDN has been the voice of the IT channel community in Canada. Today through our digital magazine, e-mail newsletter, video reports, events and social media platforms, we provide channel partners with the information they need to grow their business.

Related Tech News

Featured Tech Jobs

 

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.