HP tested 10 smartwatches, including ones by Apple, Pebble, Samsung, and Sony, in a study called The Open Web Application Security Project (OWASP) Internet of Things Top 10. The study came to start in 2013 when there was a lot of talk about the Internet of things, but nothing completely focused on security. Individuals from the Fortify on Demand team got together to educate people on topics of security they should be concerned with.
The results showed that every watch tested included some sort of security flaw, such as password protection and data encryption. So the question arises, are you getting your bang for your buck? I’m not sure.
The findings in these tests done showed that nine of the watches sent data unencrypted, which could easily be intercepted. Two of the devices could be linked with another phone effortlessly if stolen. A third of the smart watches allowed unlimited login attempts, helping hackers guess passwords. Only half of the watches have a lock function to stop other people other than the owner from accessing data.
“The results of our research were disappointing, but not surprising,” HP said in its report.
HP would not reveal which watches it had tested, but stated it was working with manufacturers to “build security into their products before they put them out to market.”
In this world of growing technology, every manufacturer wants to be the first to have it. Could that be why there are so many security flaws? Is every manufacturer trying to beat its competitors to the punch?
“Keeping up with other manufacturers to be a forerunner in this technology field may force products to be released without the necessary attention to how secure they actually are,” said Mark James, security specialist at online security firm ESET.
Manufacturers need to be more concerned with customer security before designing and launching these products. I know I would be angry if I spent hundreds of dollars on a smartwatch and someone easily hacked into it.
Daniel Miessler, the man who led the research study, said, “It's a chicken-and-egg situation. You need enough customer interest in security for the manufacturers to change and invest.”
He’s right. Customers should take necessary steps to protect themselves. The more we care about our device’s security, the more the manufacturers will work to make it right.
“There are a few basic security precautions to help guard against the risk of exposing personal information,” said Sian John, Symantec’s security strategist. “Use a screen lock or password to prevent unauthorized access to your device, do not reuse the same user name and password between different sites and use full device encryption if available.”
Source: BBC
Advertisement
Learn more about Electronic Products Magazine
