Top smartwatches contain numerous security flaws and are an open frontier for cyber attacks, according to a new study released by HP.
The study, carried out by HP Fortify looked at 10 popular smartwatches and their cloud and app counterparts that run on iOS and Android.
"100 percent of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns," the report said.
"The results of our research were disappointing, but not surprising. We continue to see deficiencies in the areas of authentication and authorisation along with insecure connections to cloud and mobile interfaces."
HP declined to clarify which devices were included in the study, and would not release the names of the companies, products or models tested.
"Our practice is to notify the affected companies and provide them with an opportunity to address the security issues uncovered by our testing," the firm told V3.
"As part of the report, however, we do provide recommendations for consumers and enterprises looking to use or produce smartwatch devices in a more secure manner."
Within the report HP outlined several key security issues that affect smartwatches. One major flaw is the lack of sufficient user authentication.
"30 percent [of smartwatches tested] were vulnerable to account harvesting, meaning an attacker could gain access to the device and data via a combination of weak password policy, lack of account lockout and user enumeration," HP said.
The report also uncovered security vulnerabilities in the cloud-based systems used by smartwatches.
"30 percent of the tested smartwatches used cloud-based web interfaces, all of which exhibited account enumeration concerns," HP said.
"A full 70 percent of the smartwatches were found to have concerns with the protection of firmware updates, including transmitting firmware updates without encryption and without encrypting the update files."
Another major privacy concern discovered by HP was that information collected on smartwatches by default could be exploited.
"As they become more mainstream, smartwatches will increasingly store more sensitive information such as health data. And through connectivity with mobile apps, they may soon enable physical access functions including unlocking cars and homes," said the report.
Other notable findings include that 70 percent of smartwatch firmware is transmitted without encryption and 20 percent of tested devices in a "stolen watch scenario" could be paired with an attacker's smartwatch.
Jason Schmitt, general manager of HP Security, said that taking precautions when transmitting personal data is vital.
"As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access," he said.
Matt White, senior manager at security firm KPMG, agreed that the rising popularity of smartwatches will create inevitable security flaws.
"As is often the case, consumer demand for new and exciting technologies has far surpassed the implementation of security measures," he said.
The warning comes as the smartwatch market grows rapidly, thanks to the introduction of the Apple Watch, which is said to already account for 75 percent of the market, having shipped an estimated 4.2 million devices in three months.
'We'll keep fighting to fight to keep the web free and open,' claim EFF
Breached in March by the same attackers, claim 'insiders'
And all for less than £150, according to Keith
Chambers joined Cisco in 1991 after leaving ailing Wang Labs