Researchers have found that it is "not very difficult" to access personal data including contacts, emails and sensitive health information from smartwatches made by LG and Samsung because neither brand encrypts the user's data.
The discovery was made by Ibrahim Baggili of the University of New Haven's Cyber Forensics Research and Education Group. The findings will be presented in a paper in August but Baggili told CNET "It was not very difficult to get the data, but expertise and research was required."
That data includes calendar appointments, contacts listings and pedometer statistics in the case of the LG G Watch and emails, messages, contacts and complete health data from the Samsung Gear 2 Neo. Both devices could be offering reams of interesting information to hackers.
The LG G Watch is powered by Android Wear while the Samsung Gear 2 Neo uses Samsung's proprietary Tizen operating system. Despite the platform differences, the researchers could find the user's data by looking around the contents of the internal storage of the watch. Traceable activity was also left behind on the Android smartphone to which both devices were attached.
Only Samsung responded to a request for comment from CNET, saying in a statement that it "takes consumer privacy and security very seriously and our products are designed with privacy in mind. If at any time we identify a potential vulnerability, we act promptly to investigate and resolve the issue."
Although smartwatches have still yet to become a "must-have" item for the majority of the population, their usage is expected to grow over time in the next few years despite the slow start. Their popularity isn't likely to be helped if they readily expose owners' health data though.
The findings come at a time of tension in the continuing war between the Obama Administration and technology firms over whether manufacturers should be using whole-device encryption. The U.S. government wants to be able to access data on devices for use in criminal investigations but not encrypting information makes it easy for anybody to access, as shown in the case of these two smartwatches.
The discovery was made by Ibrahim Baggili of the University of New Haven's Cyber Forensics Research and Education Group. The findings will be presented in a paper in August but Baggili told CNET "It was not very difficult to get the data, but expertise and research was required."
That data includes calendar appointments, contacts listings and pedometer statistics in the case of the LG G Watch and emails, messages, contacts and complete health data from the Samsung Gear 2 Neo. Both devices could be offering reams of interesting information to hackers.
The LG G Watch is powered by Android Wear while the Samsung Gear 2 Neo uses Samsung's proprietary Tizen operating system. Despite the platform differences, the researchers could find the user's data by looking around the contents of the internal storage of the watch. Traceable activity was also left behind on the Android smartphone to which both devices were attached.
Only Samsung responded to a request for comment from CNET, saying in a statement that it "takes consumer privacy and security very seriously and our products are designed with privacy in mind. If at any time we identify a potential vulnerability, we act promptly to investigate and resolve the issue."
Although smartwatches have still yet to become a "must-have" item for the majority of the population, their usage is expected to grow over time in the next few years despite the slow start. Their popularity isn't likely to be helped if they readily expose owners' health data though.
The findings come at a time of tension in the continuing war between the Obama Administration and technology firms over whether manufacturers should be using whole-device encryption. The U.S. government wants to be able to access data on devices for use in criminal investigations but not encrypting information makes it easy for anybody to access, as shown in the case of these two smartwatches.
By James Walker / Digital Journal
