Smartwatches have security flaws says HP

  • Published
A watchImage source, Thinkstock

The best-selling smartwatches on the market all have security problems, according to US tech giant Hewlett-Packard.

The company tested 10 wearables for security features, such as password protection and data encryption.

It found all the watches had at least one area of concern.

One security expert said manufacturers needed to pay closer attention to customer security.

"Keeping up with other manufacturers to be a forerunner in this technology field may force products to be released without the necessary attention to how secure they actually are," said Mark James, security specialist at online security firm ESET.

HP said it had tested 10 of the "top" smartwatches for security features recommended by the Open Web Application Security Project, which aims to "help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things".

It found that:

  • Only half the watches had a lock function to prevent people other than the owner accessing data stored on it
  • Nine of the watches sent some data unencrypted, which could be intercepted
  • A third of the smartwatches allowed unlimited login attempts, which could help attackers guess passwords
  • Two of the devices could be easily paired with a different phone if stolen

"The results of our research were disappointing, but not surprising," HP said in its report.

'Potential risks'

Daniel Miessler, who led the research, told the BBC: "It's a chicken-and-egg situation. You need enough customer interest in security for the manufacturers to change and invest."

HP said it would not reveal which watches it had tested, but was working with manufacturers to "build security into their products before they put them out to market".

The BBC understands watches by Apple, Pebble, Samsung and Sony were included in the study.

Samsung told the BBC: "Protecting the personal information of our customers is a fundamental priority for Samsung. All of our products and services are designed with privacy in mind."

Apple and Sony have not replied to the BBC's request for comment, while Pebble declined to comment.

"It appears that manufacturers of these devices (including market leaders) have not seriously considered or addressed the privacy implications of wearing their products," said security firm Symantec in its blog.

The firm's security strategist, Sian John, said customers should take steps to protect their data.

"With more and more consumers adopting wearable tech devices, they need to be aware of the potential risks to security and privacy," she said.

"There are a few basic security precautions to help guard against the risk of exposing personal information.

"Use a screen lock or password to prevent unauthorised access to your device, do not reuse the same user name and password between different sites and use full device encryption if available."