Beware: HP has tested 10 smartwatches only to find they all have "significant" vulnerabilities.
The smartwatch market is gaining ground, but HP has warned of significant security vulnerabilities in the 10 models it tested.
HP didn't identify the smartwatches it tested, saying only that they were "10 of the top smartwatches on today's market."
Strategy Analytics recently found that Apple Watch took a 75 percent market share in the second quarter of 2015, so presumably that was one of HP's 10 models. With a 7.5 percent share, Samsung was the only other vendor to escape the "Others" category. That's a big change from the first quarter of 2014, when the same research company said Samsung had a 71 percent market share ahead of Sony and Pebble.
HP tested the 10 smartwatches in conjunction with an Android or iOS device and the relevant app.
Among the concerns: firmware was transmitted to seven of the smartwatches without encryption (though in most cases the use of digital signing makes it harder to introduce 'unofficial' updates), five smartwatches lacked screen lock functionality, and three were vulnerable to account harvesting.
Intercepting communication with the smartwatch was trivially easy with nine of the products, and four of them were vulnerable to a widely known attack while connected to the cloud.
None of those are good things.
The report's recommendations include:
• Do not enable sensitive access control functions (eg, car or home access) unless strong authentication is offered (two-factor etc).
• Enable passcode functionality to prevent unauthorised access to your data, opening of doors, or payments on your behalf.
• Enable security functionality (eg, passcodes, screen locks, two-factor and encryption).
• For any interface such as mobile or cloud applications associated with your watch, ensure that strong passwords are used.
• Do not approve any unknown pairing requests (to the watch itself).
HP's report "Internet of Things Security Study: Smartwatches" is available for download.