All Smartwatches Are Vulnerable to Hackers http://b4in.org/dJkm
Originally shared by Before It's News
All Smartwatches Are Vulnerable to Hackers http://b4in.org/dJkm
Do you own a Smartwatch? If yes, then how safe it is? There are almost 100 percent chances that you own a vulnerable Smartwatch.
Computer manufacturer Hewlett-Packard is warning users of smartwatches including Apple Watch and Samsung Gear that their wearable devices are vulnerable to cyber attacks.
In a study, HP’s Fortify tested today’s top 10 smartwatches for security features, such as basic data encryption, password protection and privacy concerns.
The most shocking part of the study was that –
Not even a Single Smartwatch Found to be 100 percent Safe
Security experts found that 100 percent of wearable devices contained at least one serious security vulnerability that could make the devices vulnerable to hackers.
With the increase in the adoption of smartwatches, manufacturers need to pay closer attention to the customers’ security because these wearable devices could potentially open doors to new threats to personal and sensitive information.
“As the adoption of Smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting Smartwatches into corporate networks,” Jason Schmitt, general manager at HP’s Security Fortify said in a statement.
The study [PDF], no doubt, had included Smart watches by Apple, Pebble, Samsung and Sony, as it claims to have picked top 10 smartwatches.
Here’s the list of issues reported by HP:
1. Lack of transport encryption – Though all products implemented transport encryption using SSL/TLS, 40 percent of devices found to be either vulnerable to the POODLE attack, allowing the use of weak cyphers, or still using SSL v2.
More http://b4in.org/dJkm
Interesting but annoying that the so called report is just an advert for hp's services and doesn't actually give any useful information. They don't identify any of the devices they tested or when the trying was done so I have no way to tell if my android wear device running on the latest firmware has any of the issues they mention not if those issues actually matter.
ReplyDeleteFor example, one issue is firmware updates being sent unencrypted. Sounds bad until you realise they admit that although unencrypted they are digitally signed. So an off the shelf update being unencrypted is regarded as a problem even though anyone can download the same update from the manufactures website, or compile it from source. Nothing to see here, move on.
Weak password, insecure password recovery: none of the standard apps on my watch do anything with passwords at all.
Nor for the personal information part does it collect anything other than heart rate. There simply is no text input on the screen.
One good bit of advice is never accept random pairing requests. I do get these sometimes when walking down the street. No idea who or what is trying to pair but I ignore them.
A full working DNS server though. That seems like a bit unnecessary for a smart watch...
ReplyDelete