Fitness trackers could benefit from better security, study findsSeptember 14, 2017
The security of wearable fitness trackers could be improved to better protect users' personal data, a study suggests.
Vulnerabilities in the devices - which track heart rate, steps taken and calories burned - could threaten the privacy and security of the data they record, scientists say.
Exploiting security weak spots in the communication procedures of some gadgets could allow unauthorised sharing of personal data with third parties. These include online retailers and marketing agencies, the team says.
Such frailties could also be targeted to create fake health records. By sending insurance companies false activity data, fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums, researchers say.
A team at the University of Edinburgh carried out an in-depth security analysis of two popular models of wearable fitness trackers made by Fitbit.
The researchers discovered a way of intercepting messages transmitted between fitness trackers and cloud servers - where data is sent for analysis. This allowed them to access personal information and create false activity records.
The team also demonstrated how the system that keeps data on the devices secure - called end-to-end encryption - can be circumvented. By dismantling devices and modifying information stored in their memory, researchers bypassed the encryption system and gained access to stored data.
Researchers have produced guidelines to help manufacturers remove similar weaknesses from future system designs to ensure users' personal data is kept private and secure.
In response to the findings, Fitbit has developed software patches to improve the privacy and security of its devices.
The findings will be presented at the International Symposium on Research in Attacks (RAID) on 18-20 September. The research was carried out in collaboration with Technische Universitat Darmstadt, Germany, and the University of Padua, Italy. The Edinburgh researchers were part-funded by the Scottish Informatics and Computer Science Alliance.
Dr Paul Patras, of the University of Edinburgh's School of Informatics, who took part in the study, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."
University of Edinburgh
Related Privacy Articles:
University of Washington researchers have conducted a new study that explores the attitudes and concerns of both parents and children who play with internet-connected toys.
A new study from Vanderbilt University presents an unorthodox approach to protect the privacy of genomic data, showing how optimal trade-offs between privacy risk and scientific utility can be struck as genomic data are released for research.
It can be quite an honor to be included in a literary work -- but it may also be a demeaning experience.
A new study from the Naveen Jindal School of Management at UT Dallas assesses the impact of Facebook's granular privacy controls and its effects on user disclosure behavior.
How a mobile app says it will collect or share a user's personal information with third parties often appears to be inconsistent with how the app actually behaves, a new automated analysis system developed by Carnegie Mellon University has revealed.
For the first time, researchers and health experts have undertaken a comprehensive analysis of the concerning situation in the World Health Organisation European Region regarding digital marketing to children of foods high in fats, salt and sugars
The Springer journal Educational Technology Research and Development has published a special issue that examines the relationship of ethics and privacy in learning analytics, guest edited by Dr.
Not everyone who strives to navigate the internet without being tracked is up to no good.
In the latest issue of the journal Cell Systems, researchers from MIT's Computer Science and Artificial Intelligence Laboratory and Indiana University at Bloomington describe a new system that permits database queries for genome-wide association studies but reduces the chances of privacy compromises to almost zero.
A new study from Indiana University researchers shows that although most people who engage in sexting expect their messages to remain private, nearly one in four people are sharing the sexual messages they receive.
Related Privacy Reading:
Privacy: What Everyone Needs to Know®
by Leslie P. Francis (Author), John G. Francis (Author)
We live more and more of our lives online; we rely on the internet as we work, correspond with friends and loved ones, and go through a multitude of mundane activities like paying bills, streaming videos, reading the news, and listening to music. Without thinking twice, we operate with the understanding that the data that traces these activities will not be abused now or in the future. There is an abstract idea of privacy that we invoke, and, concrete rules about our privacy that we can point to if we are pressed. Nonetheless, too often we are uneasily reminded that our privacy is not... View Details
1: The Complete Privacy & Security Desk Reference: Volume I: Digital (Volume 1)
by Michael Bazzell (Author), Justin Carroll (Author)
This textbook, at nearly 500 pages, will explain how to become digitally invisible. You will make all of your communications private, data encrypted, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, devices locked, and home address hidden. You will remove all personal information from public view and will reclaim your right to privacy. You will no longer give away your intimate details and you will take yourself out of 'the system'. You will use covert aliases and misinformation to eliminate current and future threats toward your... View Details
Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family
by Theresa Payton (Author), Ted Claypoole (Author), Hon. Howard A. Schmidt (Foreword)
Digital data collection and surveillance gets more pervasive and invasive by the day; but the best ways to protect yourself and your data are all steps you can take yourself. The devices we use to get just-in-time coupons, directions when we’re lost, and maintain connections with loved ones no matter how far away they are, also invade our privacy in ways we might not even be aware of. Our devices send and collect data about us whenever we use them, but that data is not safeguarded the way we assume it would be.
Privacy is complex and personal. Many of us do not know the full... View Details
by Daniel J. Solove (Author)
Privacy is one of the most important concepts of our time, yet it is also one of the most elusive. As rapidly changing technology makes information increasingly available, scholars, activists, and policymakers have struggled to define privacy, with many conceding that the task is virtually impossible.
In this concise and lucid book, Daniel J. Solove offers a comprehensive overview of the difficulties involved in discussions of privacy and ultimately provides a provocative resolution. He argues that no single definition can be workable, but rather that there are multiple forms of... View Details
Privacy: A Very Short Introduction (Very Short Introductions)
by Raymond Wacks (Author)
Some would argue that scarcely a day passes without a new assault on our privacy. In the wake of the whistle-blower Edward Snowden's revelations about the extent of surveillance conducted by the security services in the United States, Britain, and elsewhere, concerns about individual privacy have significantly increased. The Internet generates risks, unimagined even twenty years ago, to the security and integrity of information in all its forms.
The manner in which information is collected, stored, exchanged, and used has changed forever; and with it, the character of the threats to... View Details
Privacy and Freedom
by Alan F. Westin (Author), Daniel J. Solove (Introduction)
"He was the most important scholar of privacy since Louis Brandeis."Jeffrey Rosen
In defining privacy as the claim of individuals
to determine for themselves when, how and to what extent information about them is communicated,” Alan Westin’s 1967 classic Privacy and Freedom laid the philosophical groundwork for the current debates about technology and personal freedom, and is considered a foundational text in the field of privacy law.
By arguing that citizens retained control over how their personal data was used, Westin redefined privacy as an individual... View Details
The Poverty of Privacy Rights
by Khiara M. Bridges (Author)
The Poverty of Privacy Rights makes a simple, controversial argument: Poor mothers in America have been deprived of the right to privacy.
The U.S. Constitution is supposed to bestow rights equally. Yet the poor are subject to invasions of privacy that can be perceived as gross demonstrations of governmental power without limits. Courts have routinely upheld the constitutionality of privacy invasions on the poor, and legal scholars typically understand marginalized populations to have "weak versions" of the privacy rights everyone else enjoys. Khiara M. Bridges investigates... View Details
Privacy, Law Enforcement and National Security (Aspen Select) (Aspen Custom Publishing)
by Daniel J. Solove (Author), Paul M. Schwartz (Author)
Developed from the casebook, Information Privacy Law, this short paperback contains key cases and materials focusing on privacy issues related to government surveillance and national security. It can be used as a supplement to general criminal procedure courses, as it covers electronic surveillance law and national security surveillance extensively, topics that many criminal procedure casebooks don t cover in depth.
Topics covered include:Fourth AmendmentThird Party DoctrineMetadata, sensory enhancement technologyVideo surveillance, audio surveillance, location tracking, and GPS... View Details
Privacy (BIG IDEAS//small books)
by Garret Keizer (Author)
American essayist and Harper's contributing editor Garret Keizer offers a brilliant, literate look at our strip-searched, over-shared, viral-videoed existence.
Body scans at the airport, candid pics on Facebook, a Twitter account for your stray thoughts, and a surveillance camera on every street corner -- today we have an audience for all of the extraordinary and banal events of our lives. The threshold between privacy and exposure becomes more permeable by the minute. But what happens to our private selves when we cannot escape scrutiny, and to our public personas when they... View Details
Privacy: A Short History
by David Vincent (Author)
Privacy: A Short History provides a vital historical account of an increasingly stressed sphere of human interaction. At a time when the death of privacy is widely proclaimed, distinguished historian, David Vincent, describes the evolution of the concept and practice of privacy from the Middle Ages to the present controversy over digital communication and state surveillance provoked by the revelations of Edward Snowden.
Deploying a range of vivid primary material, he discusses the management of private information in the context of housing, outdoor spaces, religious... View Details