Wearable fitness apps ‘vulnerable to hackers’, Scots researchers warn

The global market for wearable fitness apps is booming
The global market for wearable fitness apps is booming
Share this article
0
Have your say

The security of wearable fitness trackers could be improved to better protect users’ personal data, a study by Scots academics has found.

Vulnerabilities in the devices – which track heart rate, steps taken and calories burned – could threaten the privacy and security of the data they record, scientists have warned

Exploiting security weak spots in the communication procedures of some gadgets could allow unauthorised sharing of personal data with third parties. These include online retailers and marketing agencies, the team says.

Such frailties could also be targeted to create fake health records.

By sending insurance companies false activity data, fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums, researchers said.

A team at the University of Edinburgh carried out an in-depth security analysis of two popular models of wearable fitness trackers made by Fitbit.

The researchers discovered a way of intercepting messages transmitted between fitness trackers and cloud servers – where data is sent for analysis. This allowed them to access personal information and create false activity records.

The team also demonstrated how the system that keeps data on the devices secure – called end-to-end encryption – can be circumvented. By dismantling devices and modifying information stored in their memory, researchers bypassed the encryption system and gained access to stored data.

Researchers have produced guidelines to help manufacturers remove similar weaknesses from future system designs to ensure users’ personal data is kept private and secure.

In response to the findings, Fitbit has developed software patches to improve the privacy and security of its devices.

The findings will be presented at the International Symposium on Research in Attacks (RAID) on 18-20 September.

Dr Paul Patras, of the University of Edinburgh’s school of informatics, Said: “Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development.

“We welcome Fitbit’s receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services.”

The wearables market is set to treble in size in the next five years and become worth over $25 billion, according to industry analysts.

A global forecast for wearable devices — which includes smartwatches, fitness trackers, nd wearable cameras — indicates the market is set to grow from 84 million units in 2015 to 245 million units in 2019.