A study by Scots academics have revealed that there is still room for betterment of security of wearable fitness trackers to protect the personal data of users.
Scientists have warned that there are many loop holes in devices – those that monitor heart rate, calculate steps taken and calories burned – and this could be a violation of their privacy and the security of the data they track could be at danger.
If weak security spots are utilized in the communication methods of some devices, it could enable unauthorised transfer of personal data to third parties. The third parties could include online retailers and marketing agencies, according to the team. Moreover, these susceptibility could also help to create fake medical records.
Researches revealed that by transferring fake activity data to insurance companies, fraudsters can take advantage of cheaper cover from insurers that award physical activity with lower premiums.
An in-depth security analysis of two popular models of Fitbit’s fitness trackers was carried out by a team from the University of Edinburgh.
The investigators unveiled a new method of stopping messages that are transferred between fitness trackers and their cloud servers – where the data is transmitted for scrutiny. This enabled the fraudsters to gain access to personal information, and thus create false physical activity records.
Fitness trackers are vulnerable to security loop holes
The team further showed how the system that keeps the data secure – known as end-to-end encryption – can be avoided. By disassembling devices and altering information stored in their storage, investigators dodged the encryption system and got access to the stored information.
The team has made instructions to help the makers of the fitness trackers to remove similar flaws from their future device to make sure that the personal data of the users is kept safe and sound.
In reply to these findings, giant in the wearable sector, Fitbit has developed software patches, as it is working on improving the privacy and security of its models.
The findings of the team will be presented at the International Symposium Research in Attacks (RAID), which commences from 18th to 20th September.
The University of Edinburgh’s school of informatics representative, Dr Paul Patras revealed that the work of the team wants to show the weaknesses of security and privacy in popular wearable devices as other technologies develop.
He further added that Fitbit’s immediate measures to those researches show their professional mentality towards comprehending the flaws in their system that the team identified. And thus, timely measures could help secure these devices before any major attacks on users’ personal data.
According to industry analysts, the wearable market is tipped to increase by three times in size in the coming years, and it will have a massive worth of over $25 billion.
A global prediction for wearable devices – that varies from smartwatches, fitness trackers to wearable cameras etc – reveal that the wearable market is set to increase from 84 million units in 2015 to 245 million units in 2019.
