No surprise here, the vendors are in business of selling watches so, why bother about security
From the article:
“We found that smartwatch communications are easily intercepted in 90 percent of cases, and 70 percent of watch firmware is transmitted without encryption,”
All of the watches that HP evaluated collected personal data in the form of names, addresses, birth dates, weight, gender and heart rate. Yet not one of them had adequate controls in place for ensuring the privacy and security of the collected data either while on the device or in transit.
For instance, every smartwatch that HP tested was paired with a mobile interface that lacked two-factor authentication. None of the interfaces had the ability to lock out accounts after multiple failed login attempts. A significant 40 percent of the tested products used weak cyphers at the transport layer while a full 70 percent had firmware related insecurities.
For more details:
http://www.darkreading.com/endpoint/smartwatches-could-become-new-frontier-for-cyber-attackers/d/d-id/1321452
No comments:
Post a Comment