Fitness tracker data vulnerable to hacking
A Scottish university has exposed flaws in the security of wearable fitness trackers, leading one US manufacturer to include encrypted communication.
Researchers at the University of Edinburgh analysed the Fitbit Flex and Fitbit One devices and discovered the gadgets could be hacked remotely to create fake health records that could then be presented to insurance companies to secure better rates.
Vulnerabilities in the devices – which track heart rate, steps taken and calories burned – could threaten the privacy of users and could allow unauthorised sharing of personal data with third parties.
Scientists say that by sending insurance companies false activity data, fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums.
Billion-dollar giant Fitbit have now taken steps to strengthen the security of trackers launched prior to 2015 and have developed software patches to improve privacy.
The researchers discovered a way of intercepting messages transmitted between fitness trackers and cloud servers – where data is sent for analysis. This allowed them to access personal information and create false activity records.
The team also demonstrated how the system that keeps data secure – end-to-end encryption – can be circumvented. By dismantling devices and modifying information stored in their memory, researchers bypassed the encryption system and gained access to stored data.