Nav: Home

Fitness trackers could benefit from better security, study finds

September 14, 2017

The security of wearable fitness trackers could be improved to better protect users' personal data, a study suggests.

Vulnerabilities in the devices - which track heart rate, steps taken and calories burned - could threaten the privacy and security of the data they record, scientists say.

Exploiting security weak spots in the communication procedures of some gadgets could allow unauthorised sharing of personal data with third parties. These include online retailers and marketing agencies, the team says.

Such frailties could also be targeted to create fake health records. By sending insurance companies false activity data, fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums, researchers say.

A team at the University of Edinburgh carried out an in-depth security analysis of two popular models of wearable fitness trackers made by Fitbit.

The researchers discovered a way of intercepting messages transmitted between fitness trackers and cloud servers - where data is sent for analysis. This allowed them to access personal information and create false activity records.

The team also demonstrated how the system that keeps data on the devices secure - called end-to-end encryption - can be circumvented. By dismantling devices and modifying information stored in their memory, researchers bypassed the encryption system and gained access to stored data.

Researchers have produced guidelines to help manufacturers remove similar weaknesses from future system designs to ensure users' personal data is kept private and secure.

In response to the findings, Fitbit has developed software patches to improve the privacy and security of its devices.

The findings will be presented at the International Symposium on Research in Attacks (RAID) on 18-20 September. The research was carried out in collaboration with Technische Universitat Darmstadt, Germany, and the University of Padua, Italy. The Edinburgh researchers were part-funded by the Scottish Informatics and Computer Science Alliance.

Dr Paul Patras, of the University of Edinburgh's School of Informatics, who took part in the study, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."

-end-



University of Edinburgh

Related Privacy Articles:

Kids, parents alike worried about privacy with internet-connected toys
University of Washington researchers have conducted a new study that explores the attitudes and concerns of both parents and children who play with internet-connected toys.
Study applies game theory to genomic privacy
A new study from Vanderbilt University presents an unorthodox approach to protect the privacy of genomic data, showing how optimal trade-offs between privacy risk and scientific utility can be struck as genomic data are released for research.
When artistic freedom violates somebody's privacy
It can be quite an honor to be included in a literary work -- but it may also be a demeaning experience.
Study examines effect of privacy controls on Facebook behavior
A new study from the Naveen Jindal School of Management at UT Dallas assesses the impact of Facebook's granular privacy controls and its effects on user disclosure behavior.
Mobile app behavior often appears at odds with privacy policies
How a mobile app says it will collect or share a user's personal information with third parties often appears to be inconsistent with how the app actually behaves, a new automated analysis system developed by Carnegie Mellon University has revealed.
Children's health and privacy at risk from digital marketing
For the first time, researchers and health experts have undertaken a comprehensive analysis of the concerning situation in the World Health Organisation European Region regarding digital marketing to children of foods high in fats, salt and sugars
Exploring the relationship of ethics and privacy in learning analytics and design
The Springer journal Educational Technology Research and Development has published a special issue that examines the relationship of ethics and privacy in learning analytics, guest edited by Dr.
Just give me some privacy
Not everyone who strives to navigate the internet without being tracked is up to no good.
System helps protect privacy in genomic databases
In the latest issue of the journal Cell Systems, researchers from MIT's Computer Science and Artificial Intelligence Laboratory and Indiana University at Bloomington describe a new system that permits database queries for genome-wide association studies but reduces the chances of privacy compromises to almost zero.
IU study finds despite expectations of privacy, one in four share sexts
A new study from Indiana University researchers shows that although most people who engage in sexting expect their messages to remain private, nearly one in four people are sharing the sexual messages they receive.

Best Science Podcasts 2017

We have hand picked the best science podcasts for 2017. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: Radiolab

Radiolab Presents: Anna in Somalia
This week, we are presenting a story from NPR foreign correspondent Gregory Warner and his new globe-trotting podcast Rough Translation. Mohammed was having the best six months of his life - working a job he loved, making mixtapes for his sweetheart - when the communist Somali regime perp-walked him out of his own home, and sentenced him to a lifetime of solitary confinement.  With only concrete walls and cockroaches to keep him company, Mohammed felt miserable, alone, despondent.  But then one day, eight months into his sentence, he heard a whisper, a whisper that would open up a portal to - of all places and times - 19th century Russia, and that would teach him how to live and love again. 
Now Playing: TED Radio Hour

Future Consequences
From data collection to gene editing to AI, what we once considered science fiction is now becoming reality. This hour, TED speakers explore the future consequences of our present actions. Guests include designer Anab Jain, futurist Juan Enriquez, biologist Paul Knoepfler, and neuroscientist and philosopher Sam Harris.