Samsung and LG smartwatches leave sensitive data open to hackers

Hackers can easily swipe personal data from LG and Samsung smartwatches, researchers have revealed, with neither brand encrypting sensitive data.

According to researchers at the University of New Haven, hackers can easily extract personal data, including contacts, messages and health information, from both the Samsung Gear 2 and LG G Watch.

Ibrahim Baggili of the University of New Haven's Cyber Forensics Research and Education Group, said: "It was not very difficult to get the data, but expertise and research was required."

The researchers, who are currently looking into whether the Apple Watch suffers a similar issue, said they were able to easily swipe data from both the Tizen and Android Wear-powered watches by poking around the wearables' internal storage and the smartphone to which they were linked.

On the Samsung Gear 2 they managed to pull emails, messages, contacts and complete health data, while the LG G Watch easily gave up users' calendar appointments, contacts listings and pedometer statistics.

The researchers said it was able to do so because neither Samsung or LG properly encrypt user data on their respective smartwatch devices.

"Just because encryption is enabled does not mean it is implemented in a way that does not allow us to defeat the encryption," Bagili said. 

In a statement given to CNET, a Samsung spokesperson said the company "takes consumer privacy and security very seriously and our products are designed with privacy in mind. If at any time we identify a potential vulnerability, we act promptly to investigate and resolve the issue."

LG added: "At LG, we take security very seriously and will make every effort to protect the privacy of our customers. As such, we make it a priority to investigate any and all breach of privacy issues related to LG products for immediate resolution."

The university will present its full findings in a paper for a digital forensics conference in August.

This isn't the first time the' privacy credentials of wearable devices been thrown into doubt. Last month, security researchers at Context revealed that the privacy fitness tracker users is at risk due to leaky Bluetooth Low Enegry (BLE) technology.

Scott Lester, a senior researcher at Context, said: "Many people wearing fitness devices don't realise that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device."

"Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device - that may belong to a celebrity, politician or senior business executive - within 100 metres in the open air."

• Tweet  
• Facebook  
•  
•  
• Send to  

• Topics
• Gadgets
• Security
• Samsung
• LG
• Wearables