Fitness trackers could benefit from better security, study finds

September 14, 2017, University of Edinburgh
Credit: CC0 Public Domain

The security of wearable fitness trackers could be improved to better protect users' personal data, a study suggests.

Vulnerabilities in the devices - which track , steps taken and calories burned - could threaten the privacy and of the data they record, scientists say.

Exploiting security weak spots in the communication procedures of some gadgets could allow unauthorised sharing of personal data with third parties. These include online retailers and marketing agencies, the team says.

Such frailties could also be targeted to create fake health records. By sending insurance companies false activity data, fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums, researchers say.

A team at the University of Edinburgh carried out an in-depth security analysis of two popular models of wearable fitness trackers made by Fitbit.

The researchers discovered a way of intercepting messages transmitted between fitness trackers and cloud servers - where data is sent for analysis. This allowed them to access personal information and create false activity records.

The team also demonstrated how the system that keeps data on the devices secure - called end-to-end encryption - can be circumvented. By dismantling devices and modifying information stored in their memory, researchers bypassed the encryption system and gained access to stored data.

Researchers have produced guidelines to help manufacturers remove similar weaknesses from future system designs to ensure users' is kept private and secure.

In response to the findings, Fitbit has developed software patches to improve the privacy and security of its devices.

The findings will be presented at the International Symposium on Research in Attacks (RAID) on 18-20 September. The research was carried out in collaboration with Technische Universitat Darmstadt, Germany, and the University of Padua, Italy. The Edinburgh researchers were part-funded by the Scottish Informatics and Computer Science Alliance.

Dr Paul Patras, of the University of Edinburgh's School of Informatics, who took part in the study, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."

Explore further: Are fitness trackers fit for security?

Related Stories

Are fitness trackers fit for security?

September 9, 2016

They may look like a normal watch but are capable to do much more than just showing the time: So called fitness trackers are collecting data on their users' lifestyle and health status on a large scale helping them with training ...

Fitbit to Schumer: We don't sell personal data

August 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Wearable fitness devices carry security risks

August 5, 2015

During a 2014 competition among Netflix employees to create potential new features, one group hacked into a Fitbit and created a "Sleep Bookmark" function, automatically pausing Netflix as the wearer started to fall asleep.

Recommended for you

China auto show highlights industry's electric ambitions

April 22, 2018

The biggest global auto show of the year showcases China's ambitions to become a leader in electric cars and the industry's multibillion-dollar scramble to roll out models that appeal to price-conscious but demanding Chinese ...

Robot designed for faster, safer uranium plant pipe cleanup

April 21, 2018

Ohio crews cleaning up a massive former Cold War-era uranium enrichment plant in Ohio plan this summer to deploy a high-tech helper: an autonomous, radiation-measuring robot that will roll through miles of large overhead ...

Virtually modelling the human brain in a computer

April 19, 2018

Neurons that remain active even after the triggering stimulus has been silenced form the basis of short-term memory. The brain uses rhythmically active neurons to combine larger groups of neurons into functional units. Until ...

'Poker face' stripped away by new-age tech

April 14, 2018

Dolby Laboratories chief scientist Poppy Crum tells of a fast-coming time when technology will see right through people no matter how hard they try to hide their feelings.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.