The Courier & Advertiser (Angus and Dundee)
Fitness trackers could be vulnerable to data hacks by fraudsters
Researchers able to tap into personal information
Vulnerabilities in the security of wearable fitness trackers could threaten the privacy and security of the data they record – and allow fat fraudsters to pirate the fitness records of people who really do exercise, and con insurance firms into giving them cheaper rates.
Scottish scientists warned yesterday that exploiting security weak spots in the communication procedures of some gadgets, which track heart rate, steps taken and calories burned, could allow unauthorised sharing of personal data with third parties, including online retailers, insurance companies, and marketing agencies.
The researchers, at Edinburgh University, said the devices’ “frailties” could also be targeted to create fake health records – and by sending insurance companies false activity data, unfit fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums.
“Security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology. DR PAUL PATRAS
The university team carried out an in-depth security analysis of two popular models of wearable fitness trackers made by Fitbit.
The researchers discovered a way of intercepting messages transmitted between fitness trackers and cloud servers, where data is sent for analysis.
This allowed them to access personal information and create false activity records.
The team also demonstrated how the system that keeps data on the devices secure – end-to-end encryption – can be circumvented; by dismantling devices and modifying information stored in their memory, researchers bypassed the encryption system and gained access to stored data.
The researchers have produced guidelines to help manufacturers remove similar weaknesses from future system designs to ensure users’ personal data is kept private and secure.
In response to the findings, Fitbit has developed software patches to improve the privacy and security of its devices.
Dr Paul Patras, of Edinburgh University’s school of informatics, who took part in the study, said: “Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development.”