Watch what you wear: Smartwatches vulnerable to attack

By Christina Vazquez - Reporter

PEMBROKE PARK, Fla. - Smartwatches could be a new and open frontier for cybercriminals. Wearable tech is all the rage and the smartwatch market is expected to dominate.

But new research suggests that if you want to keep your data private, you may want to skip the latest tech craze.

It turns out, smartwatches are not too smart about protecting your personal information, ultimately giving cyber criminals a chance to intercept that information and use it to their advantage.

A group of elite, "white hat" computer hackers and cyber forensic researchers at the University of New Haven recently extracted a swath of personal information from the LG G Watch and Samsung Gear 2 Neo.

The information includes messages, e-mails, contacts and health and fitness data, according to Dr. Frank Breitinger, assistant professor and associate director of the UNH Cyber Forensics Research & Education Group/Lab, or UNHcFREG, which was established in 2013.

"The main idea of us, what we tried to do, was to see what data is stored on the device - is it encrypted yes or no," Breitinger said.

The group's research uncovered that much of that information is unencrypted.

They plan to present their "Watch what you wear: preliminary forensic analysis of smartwatches" at a digital forensics conference in Toulouse, France later this month.

"We're really out there to break the security as much as we were out there to find out what evidence we could retrieve from them," assistant professor and director of UNHcFREG Dr. Ibrahim (Abe) Baggili said. "From a privacy perspective, it could be quite invasive."

WEB EXTRA: Researchers detail their findings.

Roberto Mejia, graduate research assistant and UNHcFREG researcher, told Local 10 News investigative reporter Christina Vazquez in a Skype interview, "We want to raise consumer awareness...People need to realize that these companies are making a lot of money based on information that we don't even realize that we are giving up."

WEB EXTRA: Giving it away for free: Free tool reveals if mobile apps send unencrypted data.

In a recent HP study, researchers found that all of the 10 smartwatches they tested are vulnerable to attack. These security and privacy vulnerabilities include insufficient authentication, insecure interfaces, insecure software and lack of encryption.

"Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities," Jason Schmitt, general manager, HP Security, Fortify, said in a news release. "As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks."

WEB EXTRA: HP study reveals smartwatches vulnerable to attack

"It's about convenience, so I'm not sure if I would be willing to give that up over the fact that my information may be compromised because I just feel like nothing is really protected," Hughes said.

Just weeks ago, two tech industry associations wrote a letter to President Obama urging the White House to support encryption, addressing concerns about the balance between privacy and national security.

The Information Technology Industry Council and the Software & Information Industry Association wrote: "We appreciate that, where appropriate, law enforcement has the legitimate need for certain information to combat crime and threats. However, mandating the weakening of encryption or encryption 'work-arounds' is not the way to address this need."

READ: Full letter sent to President Obama

"So in the area that is very much still being developed, and again it speaks to the overall concept, is that we are uploading everything about us on to servers that we don't even know where they are," data privacy attorney Aldo Leiva said. "The overall concept is that we are uploading everything about us."

Local 10 News contacted Apple, LG and Samsung for a statement and is awaiting a response.

Follow Christina Vazquez on Twitter @CallChristinaTV

Follow Local 10 News on Twitter @WPLGLocal10

Copyright 2015 by Local10.com. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.