Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

They call them Smartwatches, not secure watches
MOBILE

They call them Smartwatches, not secure watches 

The answer is not very secure at all. In fact, it presents another avenue for attack by providing the means to gain access to someone’s personal data that should be kept private and secure.  

Due to the security concerns associated with smartwatches, HP’s Fortify on Demand team conducted a study on the top 10 smartwatches available today taking into account vulnerabilities that an attacker could exploit. The study also examined the management abilities, mobile and cloud interfaces, network, and other areas that might lead to an attack.

From this study the following were highlighted as concerns:

  1. Authentication and authorization deficiencies
  2. Insecure cloud and mobile connections
  3. Privacy concerns with the collection of personal data including health
  4. Configuration and implementation issues of SSL/TLS

As if the above issues were not enough to be concerned about, the study went further to indicate that there are also security concerns with the gateway mobile device a smartwatch is connected to. It is a known fact that a smartwatch cannot fully operate independently but must work in conjunction with a paired mobile device. This makes it more vulnerable for an attack as data is collected on the watch, then transferred to applications through the mobile device and then onto numerous third parties platforms.

As a consumer or even a business, what can you do to mitigate these security risks? The study went on to offer the following recommendations:

For consumers:

  • Do not enable sensitive access control functions (e.g., car or home access) unless strong authentication is offered (two-factor etc). 

  • Enable passcode functionality to prevent unauthorized access to your data, opening of doors, or payments on your behalf. 

  • Enable security functionality (e.g., passcodes, screen locks, two-factor and encryption). 

  • For any interface such as mobile or cloud applications associated with your watch, ensure that strong passwords are used. 

  • Do not approve any unknown pairing requests (to the watch itself).

For enterprise technical teams:

  • Ensure TLS implementations are configured and implemented properly. 

  • Protect user accounts and sensitive data by requiring strong passwords. 

  • Implement controls to prevent man-in-the-middle attacks. 

  • Build mobile applications (specific to each ecosystem) into the device – 
in addition to any vendor-provided or recommended apps.”

As technology continues to advance at a swift pace we can be certain that smartwatches are going to inherit a greater part of our cyber lives. As this trend flourishes we can be sure that attackers will continue to pry more into this to breach security and obtain our private personal data. So, in the meantime what can we do to protect our cyber lives? Just what we should already be doing; setting strong passwords and being cautious with the applications we use.

If you would like a copy of this informative study, please visit: http://go.saas.hp.com/fod/internet-of-things.

Related posts