"It's not just a smartwatch. It's the ecosystem around it," he said.
Of the devices HP tested, three had Web interfaces and mobile apps that could be used to access the smartwatch. HP said the password-creation requirements for these systems weren't complex. Additionally, the interfaces and apps didn't lock out people after they entered the wrong password multiple times and lacked two-factor authentication. When paired with accounting-harvesting tactics, which cull the Web for information on people, these weaknesses could allow an attacker to use brute force attacks to figure out a person's password, HP said.
As smartwatch adoption grows, HP predicted the devices will become appealing targets for hackers since people will store sensitive information on them such as data for making purchases or even unlocking their homes' doors.
But those security concerns, as well as how smartwatch app data is used, aren't on a person's mind when they purchase a wearable, Miessler said. Instead, they're looking at what features, like fitness and wellness monitoring, a smartwatch offers.
"They're thinking what kind of health data can you get from the wearable, not where is the health data going," he said.
Sign up for CIO Asia eNewsletters.