Smartwatches are ticking security time bombs: virtually all of them contain network and communication functionality that is vulnerable to cyberattacks and puts personal information at risk of breach, according to a new report from Palo Alto, Calif.-based HP.

The unveiling of smartwatch technology has led to a seemingly endless supply of buzz around its capabilities and promise, according to the report, “Internet of Things Security Study: Smartwatches.”

“But from a security perspective, watches with network and communication functionality represent yet another attack surface area – potentially providing ways for someone to gain access to personal data or knowledge they should not have,” the report stated.

The study, conducted by HP Fortify, found that 100% of tested smartwatches contain significant vulnerabilities, including poor authentication, lack of encryption and privacy issues.

The devices' collection of more and more personal information, including health information, magnifies privacy concerns, the report said. Issues involving the configuration and implementation of SSL/TLS, which could weaken data security, are also present.

The report concluded that the results of the research were disappointing, but not surprising.

“We continue to see deficiencies in the areas of authentication and authorization along with insecure connections to cloud and mobile interfaces,” it read.

The study evaluated 10 of the top smartwatches (they were not identified), along with their paired Android and iOS apps, from an attacker's perspective.

HP used its Fortify on Demand IoT testing methodology, which combines manual testing with automated tools to look at smartwatch management capabilities, mobile and cloud interfaces, network posture and other elements possibly exposed to attack.

All 10 smartwatches collected some form of personal information such as name, address, date of birth, weight, gender, heart rate or other health-related information. “Exposure of this personal information is of concern, given the account enumeration issues and use of weak passwords on some products,” the study maintained.

Additionally, it said that coordinating a man-in-the-middle attack against a smartphone used in conjunction with a smartwatch would be an effortless operation, and could expose personal information even when transport encryption was in use.

The report offered the following seven key takeaways:

1. Data collected by the watch and passed on to an app is often transmitted to multiple back-end destinations (often including third parties).

2. Watches that include cloud interfaces often employed weak password schemes, making them more susceptible to attack.

3. Watch communication interception took place in 90% of cases.

4. Seventy percent of watch firmware was transmitted without encryption.

5. Fifty percent of tested devices offered the ability to implement a screen lock (PIN or pattern), which could hinder access if the device is lost or stolen.

6. Smartwatches that included a mobile application with authentication allowed unrestricted account enumeration.

7. The combination of account enumeration, weak passwords and lack of account lockout means 30% of watches and their applications were vulnerable to account harvesting, allowing attackers to guess login credentials and gain access to user accounts.

Smartwatches will likely replace smartphones as a convenient way to control communication and manage daily tasks, the study reported. As watch activity becomes a common part of a person's daily routine, such as gaining access to a home, entering and starting cars, and paying for purchases both in person and online, the watch platform will become vastly more attractive to those looking to abuse that access.

The research also showed that wearables present a risk that goes beyond the device. When an application transmits data to a high number of places during standard use, its number of access points increases. “Whether using a health, financial or even gaming application, HP was able to intercept and detect the sensitive data being routed to multiple locations on the Internet,” the report said.

Apple alone shipped 4.2 million of its smartwatches during the second quarter of 2015, according to estimates from Canalys research group. The company shipped enough units to unseat several big rivals in the wearables market. In February, a U.K.-based technology analyst firm forecasted that Apple will sell 20 million watches this year.

Roy Urrico
