Cloud Backup

We`re just sending through your details

Please give us a few moments whilst we get your account ready.


How strong is your smartwatch's data security?

How strong is your smartwatch's data security?

posted in Cyber-Security ● 1 Oct 2015

In a society where health and wellness are no longer buzzwords but real things people have adopted as part of a balanced lifestyle, we need devices that keep us aware and informed – to be the catalysts that drive us to action. But while the Internet of things (IoT) has allowed smart wearables to become commonplace in today’s households and workplaces, big adoption can spell bigger risks for data security.

Popular opinion

Since it’s popular opinion pushing the sales of smart wearables to new heights, ISACA (previously known as the Information Systems Audit and Control Association) surveyed 1,001 employed consumers of connected devices in the UK. The results showed that around 60% of respondents proactively tried to manage the privacy and data security settings on their devices but only 36% felt that information gathered on their smartwatches (and 29% on their smart glasses) was private. Only 21% thought their smartwatches were actually secure.

First, the bad news

Inadvertently confirming popular opinion, HP went ahead and conducted a study on ten popular iOS and Android-based smartwatches. They found “…numerous security concerns…” on these devices while performing a battery of security tests (known as HP Fortify). Here are some of the most noteworthy problems found:

  • Insufficient user authentication. Things like limits on the number of failed password attempts and two-factor authentication were found lacking in 3 devices.
  • Network vulnerability. Four in ten devices still used the POODLE-vulnerable SSL v2 encryption ciphers.
  • Insecure interfaces. Since 3 of the devices had cloud access, the mechanism used here would allow hackers to determine which cloud accounts were valid by using the “reset password” procedure.
  • Insecure software/firmware updates. Seven in ten devices showed vulnerability in that their software and firmware updates were not encrypted allowing eavesdroppers to download and analyse them.
  • Exposed personal details. The lack of data security mentioned above raises the risk of exposing personal details gathered by the devices, such as names, addresses, dates of birth, and notably health and fitness information.

Now the good news

Strides are being made with developing better data security legislation in the EU. The rights of the individual are in focus and how their personal information is to be protected. The Data Protection Directive (95/46/EC) has been blamed for being outmoded, which has sparked the need for legislation that better considers the nature of connected devices in the IoT.

Although currently a work in progress, the new General Data Protection Regulation (GDPR) will elaborate on aspects of the existing Directive but will supersede it, once it’s adopted by as early as 2016. Among other things, it aims to address the wearable device sector with better descriptions of what constitutes private data, how said data can be collected, and in what form it should be transmitted, if at all.

But in the meantime

There are some things you can do to protect yourself. HP had the following recommendations to help consumers from falling victim to bad data security:

“… that users do not enable sensitive access control functions such as car or home access unless strong authorization is offered. In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data.”

So, while you look good doing that thing you do with your snazzy smartwatch, take care of your devices and their data as much as you take care yourself.

Cyber-attack on The Works is a warning to others

The recent cyber-attack on discount retailer The Works, emphasises the need for organisations of all sizes to invest in ransomware prevention measures.

Continue reading

Redstor Appoints Channel Leader Mike Hanauer as CRO to Spearhead Global Sales Expansion

Reading, April 28, 2022 – Redstor, the cloud-first backup platform of choice for MSPs, today announced the appointment of accomplished channel sales executive Mike Hanauer in a newly created role of Chief Revenue Officer (CRO). Known across the market for his revenue-generating successes with top data protection, recovery and security companies, Hanauer will spearhead global expansion plans for Redstor’s category-leading SaaS platform.

Continue reading

What is the Digital Operational Resilience Act?

The Digital Operations Resilience Act (DORA) is the European Union’s attempt to streamline the third-party risk management process across financial institutions.

Continue reading

Download The Ultimate MSP Growth Guide

  • This field is for validation purposes and should be left unchanged.