
HP Study Finds Smartwatches Vulnerable to Attack

spice

HP said smartwatches with network and communication functionality represent a new and open frontier for cyberattack, citing the results of a study.

The study conducted by HP Fortify found that 100 percent of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.

In the report HP provides actionable recommendations for secure smartwatch development and use, both at home and in the workplace.

“As the IoT market advances, smartwatches are growing in popularity for their convenience and capabilities. As they become more mainstream, smartwatches will increasingly store more sensitive information such as health data, and through connectivity with mobile apps may soon enable physical access functions including unlocking cars and homes,” HP said.

“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” said Jyoti Prakash, Country Director, India and SAARC countries, HP Enterprise Security Products (ESP).

“As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”

The HP study questions whether smartwatches are designed to store and protect the sensitive data and tasks for which they are built. HP leveraged HP Fortify on Demand to assess 10 smartwatches, along with their Android and iOS cloud and mobile application components, uncovering numerous security concerns.

The study found the following problems to be relatively common:

Insufficient User Authentication/Authorization: Every smartwatch tested was paired with a mobile interface that lacked two-factor authentication and the ability to lock out accounts after 3-5 failed password attempts. Three in ten, 30 percent, were vulnerable to account harvesting, meaning an attacker could gain access to the device and data via a combination of weak password policy, lack of account lockout, and user enumeration.

Lack of Transport Encryption: Transport encryption is critical given that personal information is being moved to multiple locations in the cloud. While 100 percent of the test products implemented transport encryption using SSL/TLS, 40 percent of the cloud connections were still vulnerable to the POODLE attack, allowed the use of weak ciphers, or still used SSL v2.

Insecure Interfaces: Thirty percent of the tested smartwatches used cloud-based web interfaces, all of which exhibited account enumeration concerns. In a separate test, 30 percent also exhibited account enumeration concerns with their mobile applications. This vulnerability enables hackers to identify valid user accounts through feedback received from reset password mechanisms.

Insecure Software/Firmware: A full 70 percent of the smartwatches were found to have concerns with protection of firmware updates, including transmitting firmware updates without encryption and without encrypting the update files. However, many updates were signed to help prevent the installation of contaminated firmware. While malicious updates cannot be installed, lack of encryption allows the files to be downloaded and analyzed.

Privacy Concerns: All smartwatches collected some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information. Given the account enumeration issues and use of weak passwords on some products, exposure of this personal information is a concern.
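The authentication and interface findings above (no account lockout, and valid accounts revealed by password-reset feedback) can be addressed together on the server side. The sketch below is an added example, not code from HP's report or from any tested product; the AccountService class, the 15-minute lockout window and the in-memory storage are assumptions made for illustration.

```python
import hashlib, hmac, os, time

MAX_FAILURES = 5                # upper end of the 3-5 attempts cited in the study
LOCKOUT_SECONDS = 15 * 60       # assumed lockout window
RESET_REPLY = "If that address is registered, a reset link has been sent."
LOGIN_FAILED = "Invalid credentials or account temporarily locked."

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountService:
    """Hypothetical companion-app backend, in-memory for illustration only."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}         # email -> (salt, password hash)
        self.failures = {}      # submitted identifier -> (count, last failure time)
        self.outbox = []        # reset mails queued for delivery
        self._dummy = (os.urandom(16), os.urandom(32))  # used for unknown users

    def register(self, email, password):
        salt = os.urandom(16)
        self.users[email] = (salt, hash_password(password, salt))

    def _locked(self, email):
        count, since = self.failures.get(email, (0, 0.0))
        if count >= MAX_FAILURES and self.clock() - since >= LOCKOUT_SECONDS:
            self.failures.pop(email, None)      # window elapsed, start over
            return False
        return count >= MAX_FAILURES

    def login(self, email, password):
        # Always hash, even for unknown users, so response time does not
        # distinguish existing accounts from non-existing ones.
        salt, stored = self.users.get(email, self._dummy)
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        if self._locked(email):
            return False, LOGIN_FAILED
        if not (ok and email in self.users):
            # Failures are counted per submitted identifier, registered or
            # not, so lockout behaviour does not reveal which accounts exist.
            count, _ = self.failures.get(email, (0, 0.0))
            self.failures[email] = (count + 1, self.clock())
            return False, LOGIN_FAILED
        self.failures.pop(email, None)
        return True, "Welcome."

    def request_reset(self, email):
        # Same reply either way; only registered addresses get a mail.
        if email in self.users:
            self.outbox.append(email)
        return RESET_REPLY
```
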

As manufacturers work to incorporate necessary security measures into smartwatches, consumers are urged to consider security when choosing to use a smartwatch, HP warned.

“It’s recommended that users do not enable sensitive access control functions such as car or home access unless strong authorization is offered. In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data.

“These security measures are not only important to protecting personal data, but are critical as smartwatches are introduced to the workplace and connected to corporate networks. Additional guidelines for secure smartwatch use are outlined in the full report.”
