HP’s security folks tested the security features on 10 smartwatches, along with their cloud and management infrastructure, and the results, while not surprising to me, are disappointing.
Smart watches are in their infancy; the compute power is relatively limited and, as is usually the case, features win out over security. The question to ask is whether the security will mature before the devices go mainstream. The watches tested include both Apple iOS and Google Android-based devices. Here are some of the findings:
- None of the devices supported two-factor authentication, which is quickly becoming the standard for protecting sensitive information.
- None of the interfaces allowed the user to lock out an intruder after multiple failed logins, meaning an attacker can brute-force the password.
- 40 percent used weak encryption. I would guess this is to reduce the amount of computing power required.
- 70 percent had security-related firmware vulnerabilities.
- In 90% of the cases, communications were easily intercepted and
- In 70% of the cases, watch firmware is transmitted without encryption.
While, as I said above, none of this is surprising, it does mean that people should consider how they use and how they physically protect their smart watches. It also means that users should be more
Since watches don’t have big hard disks (yet), they are dependent on the cloud as a source of storage. That means that, if the watch is compromised, your cloud could be compromised as well.
Information for this post came from Dark Reading.