Smartwatch technology is facing its first major security hurdle after a new study published by HP identified major vulnerabilities in 10 of the top brands.
The study revealed flaws in the cloud-based systems smartwatches use to store data, a lack of sufficient user authentication and data that is open to exploitation by hackers.
The report comes as the smartphone market is growing rapidly. Around 6.8 million smartwatches were sold worldwide in 2014, dominated largely by Samsung, but the release of the Apple Watch has seen a dramatic increase in adoption.
Apple now holds 75 percent of the smartwatch market and shipped four million devices during the second quarter of 2015 alone, according to analysts.
Furthermore, while the smartwatch market is in its infancy compared with smartphone and tablet technology, it has been estimated that almost 350 million wearable devices will be in use worldwide by 2018.
So how should businesses react to the news that these devices may be a security risk?
V3 contacted a number of security experts to get their take on whether HP's discoveries will affect real-world business or whether it's simply symptomatic of a product rushed to market.
The business implications
Raimund Genes, CTO of security company Trend Micro, told V3 that the HP report underlines the concept that "usability beats security" when it comes to new devices.
"Development cycles are fast, ease of use beats proven security methods, and data protection and encryption are not sexy features but a nuisance," he said.
When asked about how businesses should tackle the risk from wearable devices, Genes said firms should have a "company-wide amnesty to discover who is bringing what to work, and which devices are accessing corporate data".
Furthermore, businesses should draw up and enforce an IoT and bring your own device policy and educate staff about the risks. "Any device which doesn't meet the requirements can't join the network," he said.
Daniel Miessler, practice principal at HP Security and lead researcher on the HP study, agreed with this, telling V3 that firms need to be aware of the risks involved with smartwatch technology and tackle the issue sooner rather than later.
"It will be a matter of creating policies for managing IoT and wearables in the enterprise, whether that's creating isolated segments on the LAN [or] determining what types of devices and capabilities are allowed in," he said.
Sian John, chief security strategist for EMEA at Symantec, said that even with these efforts, the risk to firms will come from the "consumerisation" of wearables within businesses, similar to smartphones and tablets.
"Consumers are buying these systems and then connecting them to corporate devices. So information from the corporate side could be exposed via the insecure communication between phone and watch," she told V3.
"If they've connected the phone to their calendar, email and texts there's an extra avenue for exposure that isn't controlled by any mobile security and management technology that's in place."
John urged companies to extend their mobile policy to cover wearable technology: "This should specify rules over connecting productivity apps, passwords, locking and access to websites," she said.
Asked by V3 to give some practical advice to businesses, John said that there are a number of basic security precautions to help guard against attack.
Demand trumps security
Matt White, senior manager in KPMG's cyber security practice, said that businesses should take these points on board now because, while security attacks on smartwatches have not been seen yet, it would only be a matter of time before the first attack hit.
"It's likely that the 'bad guys' won't be waiting for security to catch up with the current advances. There haven't been any real examples of smartwatch security damaging businesses yet, but there are real possibilities.
"Having confidential conversations surreptitiously recorded (both audio and video) is a genuine risk today, albeit one that is just made easier with a smartwatch rather than being a new risk."
Despite this, White acknowledged that smartwatches are "still in their relative infancy" and so a "common sense" approach should be taken.
"Employees need to be treated with a certain degree of trust. The level of policy for each business needs to be a balance between blind trust and overbearing control," he said.
Nice to have vs need to have
Finally, Mark James, security specialist at ESET, noted that at present "smart watches are a 'nice to have' option and thankfully not a 'need to have' necessity" and so the risk they pose may not be as widespread as could be feared.
"With anything new in IT there are often security measures that don't make it due to deadlines enforced through the industry," he explained.
"It's disappointing, although not unexpected, that these devices are not as secure as they could be. Keeping these wearable mini-computers updated and patched should be your primary concern if you're going to buy one.
"Ease of use and security do not often go hand in hand, and should always be treated with caution."
However, while the success or failure of wearable technology is yet to be known, the security risk posed by the next wave of devices will no doubt continue to be a talking point for businesses and consumers in the months and years ahead.