Your fitness tracker data may not be secure, says new report
The fitness tracker market seems to be going from strength to strength.
Global shipments of wearables are expected to increase by nearly a third this year to a record 101.9 million units according to the International Data Corporation (IDC) Worldwide Quarterly Wearable Device Tracker. Growth will continue in the years to come. IDC predicts that annual shipments will more than double by 2020 to 213.6 million units per year.
Many companies are tapping into this trend and these days there is no shortage of devices to choose from. They track everything from steps, distance travelled and calories, to heart rate, sleep and even UV exposure.
A new report now warns that perhaps, we should be more worried about the security of the data our fitness trackers collect. It may not be as safe as we have been led to believe.
Researchers from the Technische Universität Darmstadt and the University of Padua looked at 17 different fitness trackers including devices from popular brands such as Garmin, Jawbone and Xiaomi and found big holes in their security.
Although all cloud-based tracking systems use an encrypted protocol like HTTPS to transfer data, the researchers were able to falsify data in all cases. Out of all fitness trackers examined, only devices from four manufacturers took some minor measures to protect data integrity.
“These hurdles cannot stop a motivated attacker. Scammers can manipulate the data even with very little IT knowledge”, Ahmad-Reza Sadeghi, who led the team.
So why should this be of concern to you?
Because third parties are increasingly tapping into data collected by fitness trackers. Police and attorneys have started to recognize wearables as the human body’s “black box”. And we are seeing data from such devices featured in police investigations and even trials.
Then there are health insurance companies. Some of them have have started to offer discounts if the insured persons provide personal data from their fitness trackers. Which presents the possibility of some people hacking into data to falsify activity stats and gain financial benefits.
This makes it all the more important that transmission, processing and storing of the sensitive personal data meet high security standards, the report says.
“Health insurances and all other companies who want to use fitness trackers for their services should seek advice from security experts before doing so“, Sadeghi suggests.
The flaws found in the study could be fixed with known standard technologies, “it’s just that the manufacturers have to put some more effort in employing these technologies in their products“.
The study follows a similar report published in July by independent IT-security institute Av-Test. It also concluded that number of leading wearables manufacturers continue to pay insufficient attention to security.
Like this article? Subscribe to our monthly newsletter and never miss out!