Connect with us

Hi, what are you looking for?

Jewish Business News

Sports Life-Style

Serious Security Flaws Found in Fitness Trackers

 

fitnesswatch1-1040x483

 

They may look like a normal watch but are capable to do much more than just showing the time. It seemed as if so called fitness trackers are collecting data on their users‘ lifestyle and health status helping them with training or losing weight.

But Researchers from the Technische Universität Darmstadt and the University of Padua looked at 17 models of fitness tracker currently on the market and found serious security flaws.

Please help us out :
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at [email protected].
Thank you.

While almost all cloud-based tracking systems use an encrypted protocol like HTTPS to transfer their data, the researchers were able to falsify data in almost all cases. In one example, they successfully persuaded the tracker to tell its server that the user had walked 80 million steps in a day.

 

nearly 20 million fitness trackers have been sold in the first quarter of 2016. Many of them track via GPS the kilometers the user run, measure heart rate and pulse or check if the user is asleep. “These data are not only used for the original purpose but are increasingly being used by third parties”, explains Ahmad-Reza Sadeghi, system security professor.

Data collected by fitness trackers have been used as evidence in court trials in the US, as reported by Forbes in 2014. Police and attorneys have started to recognize wearable devices as the human body’s “black box”, the NY Daily News eported in April 2016. Some health insurance companies recently started to offer discounts if the insured persons provide personal data from their fitness trackers.

This could attract scammers who manipulate the tracked data to fraudulently gain financial benefits or even influence a court trial, says Sadeghi. This makes it all the more important that transmission, processing and storing of the sensitive personal data meet high security standards.

 

The university’s website reports that the study, concentrated on manipulating the data on their way to the cloud server and examined the security of communication protocols.

Only devices from four manufacturers took some minor measures to protect data integrity, i.e. to ensure that data remain intact and unaltered. “These hurdles cannot stop a motivated attacker. Scammers can manipulate the data even with very little IT knowledge”, Sadeghi warns, as none of the trackers employ End-to-End encryption or other effective tamper protection measures when synchronizing data.

Five of the examined fitness trackers did not provide a possibility to synchronize fitness data with an online service. However, these manufacturers store the collected fitness data in plain-text, i.e. un-encrypted and readable by everyone, on the smartphone which introduces a potential risk of unauthorized data leakage should the smartphone be stolen or infected with malware.

The researchers also found that several manufacturers store their fitness data in plain text. That introduces a risk of the data being accessed by others if a device is stolen or infected with malware.

“Health insurers and all other companies who want to use fitness trackers for their services should seek advice from security experts before doing so, ” said Sadeghi, adding that the technology to prevent this from happening exists, but “it’s just that the manufacturers have to put some more effort in employing these technologies in their products”.

Some health insurance companies recently started to offer discounts if the insured persons provide personal data from their fitness trackers. This could attract scammers who manipulate the tracked data to fraudulently gain financial benefits or even influence a court trial, says Sadeghi. This makes it all the more important that transmission, processing and storing of the sensitive personal data meet high security standards.

 

Newsletter



Advertisement

You May Also Like

World News

In the 15th Nov 2015 edition of Israel’s good news, the highlights include:   ·         A new Israeli treatment brings hope to relapsed leukemia...

Life-Style Health

Medint’s medical researchers provide data-driven insights to help patients make decisions; It is affordable- hundreds rather than thousands of dollars

Entertainment

The Movie The Professional is what made Natalie Portman a Lolita.

Travel

After two decades without a rating system in Israel, at the end of 2012 an international tender for hotel rating was published.  Invited to place bids...