Nav: Home

Fitness trackers could benefit from better security, study finds

September 14, 2017

The security of wearable fitness trackers could be improved to better protect users' personal data, a study suggests.

Vulnerabilities in the devices - which track heart rate, steps taken and calories burned - could threaten the privacy and security of the data they record, scientists say.

Exploiting security weak spots in the communication procedures of some gadgets could allow unauthorised sharing of personal data with third parties. These include online retailers and marketing agencies, the team says.

Such frailties could also be targeted to create fake health records. By sending insurance companies false activity data, fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums, researchers say.

A team at the University of Edinburgh carried out an in-depth security analysis of two popular models of wearable fitness trackers made by Fitbit.

The researchers discovered a way of intercepting messages transmitted between fitness trackers and cloud servers - where data is sent for analysis. This allowed them to access personal information and create false activity records.

The team also demonstrated how the system that keeps data on the devices secure - called end-to-end encryption - can be circumvented. By dismantling devices and modifying information stored in their memory, researchers bypassed the encryption system and gained access to stored data.

Researchers have produced guidelines to help manufacturers remove similar weaknesses from future system designs to ensure users' personal data is kept private and secure.

In response to the findings, Fitbit has developed software patches to improve the privacy and security of its devices.

The findings will be presented at the International Symposium on Research in Attacks (RAID) on 18-20 September. The research was carried out in collaboration with Technische Universitat Darmstadt, Germany, and the University of Padua, Italy. The Edinburgh researchers were part-funded by the Scottish Informatics and Computer Science Alliance.

Dr Paul Patras, of the University of Edinburgh's School of Informatics, who took part in the study, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."
-end-


University of Edinburgh

Related Privacy Articles:

Kids, parents alike worried about privacy with internet-connected toys
University of Washington researchers have conducted a new study that explores the attitudes and concerns of both parents and children who play with internet-connected toys.
Study applies game theory to genomic privacy
A new study from Vanderbilt University presents an unorthodox approach to protect the privacy of genomic data, showing how optimal trade-offs between privacy risk and scientific utility can be struck as genomic data are released for research.
When artistic freedom violates somebody's privacy
It can be quite an honor to be included in a literary work -- but it may also be a demeaning experience.
Study examines effect of privacy controls on Facebook behavior
A new study from the Naveen Jindal School of Management at UT Dallas assesses the impact of Facebook's granular privacy controls and its effects on user disclosure behavior.
Mobile app behavior often appears at odds with privacy policies
How a mobile app says it will collect or share a user's personal information with third parties often appears to be inconsistent with how the app actually behaves, a new automated analysis system developed by Carnegie Mellon University has revealed.
Children's health and privacy at risk from digital marketing
For the first time, researchers and health experts have undertaken a comprehensive analysis of the concerning situation in the World Health Organisation European Region regarding digital marketing to children of foods high in fats, salt and sugars
Exploring the relationship of ethics and privacy in learning analytics and design
The Springer journal Educational Technology Research and Development has published a special issue that examines the relationship of ethics and privacy in learning analytics, guest edited by Dr.
Just give me some privacy
Not everyone who strives to navigate the internet without being tracked is up to no good.
System helps protect privacy in genomic databases
In the latest issue of the journal Cell Systems, researchers from MIT's Computer Science and Artificial Intelligence Laboratory and Indiana University at Bloomington describe a new system that permits database queries for genome-wide association studies but reduces the chances of privacy compromises to almost zero.
IU study finds despite expectations of privacy, one in four share sexts
A new study from Indiana University researchers shows that although most people who engage in sexting expect their messages to remain private, nearly one in four people are sharing the sexual messages they receive.

Related Privacy Reading:

Privacy: And How to Get It Back (Curious Reads)
by B J Mendelson (Author)

In this forceful short book, technology guru and author of the best-selling Social Media is Bull (St. Martins Press) B.J. Mendelson exposes the crude reality behind the smiley face of internet networking: data trading. We are all auctioning our personal information, the book argues, to the highest bidder. Mendelson discusses the end of privacy from a contemporary perspective, including chapters on:
Metadata and its uses Data auctions The Internet of Things The use of social media for surveillance and suppression Just how safe is Cloud technology The Big Business of Big Data... View Details


Privacy’s Blueprint: The Battle to Control the Design of New Technologies
by Woodrow Hartzog (Author)

Every day, Internet users interact with technologies designed to undermine their privacy. Social media apps, surveillance technologies, and the Internet of Things are all built in ways that make it hard to guard personal information. And the law says this is okay because it is up to users to protect themselves―even when the odds are deliberately stacked against them.

In Privacy’s Blueprint, Woodrow Hartzog pushes back against this state of affairs, arguing that the law should require software and hardware makers to respect privacy in the design of their products. Current... View Details


Privacy: What Everyone Needs to Know®
by Leslie P. Francis (Author), John G. Francis (Author)

We live more and more of our lives online; we rely on the internet as we work, correspond with friends and loved ones, and go through a multitude of mundane activities like paying bills, streaming videos, reading the news, and listening to music. Without thinking twice, we operate with the understanding that the data that traces these activities will not be abused now or in the future. There is an abstract idea of privacy that we invoke, and, concrete rules about our privacy that we can point to if we are pressed. Nonetheless, too often we are uneasily reminded that our privacy is not... View Details


The Complete Privacy & Security Desk Reference: Volume II: Physical (Volume 2)
by Michael Bazzell (Author), Justin Carroll (Contributor)

The first volume of this series made you digitally invisible. This book continues with your journey and explores complete physical privacy and security in the real world. After 100 pages of updates from the previous volume (Digital), this book explains how to be private and secure in your home and while you travel. You will create a more secure home perimeter, use living trusts, land trust and LLC's to privately title your home, apply physical disinformation techniques around your property, execute a fail-proof firewall to protect your entire home network and devices, install better locks on... View Details


The Known Citizen: A History of Privacy in Modern America
by Sarah E. Igo (Author)

Every day, Americans make decisions about their privacy: what to share and when, how much to expose and to whom. Securing the boundary between one’s private affairs and public identity has become a central task of citizenship. How did privacy come to loom so large in American life? Sarah Igo tracks this elusive social value across the twentieth century, as individuals questioned how they would, and should, be known by their own society.

Privacy was not always a matter of public import. But beginning in the late nineteenth century, as corporate industry, social institutions, and the... View Details


Habeas Data: Privacy vs. the Rise of Surveillance Tech
by Cyrus Farivar (Author)

A book about what the Cambridge Analytica scandal shows: That surveillance and data privacy is every citizens’ concern

An important look at how 50 years of American privacy law is inadequate for the today's surveillance technology, from acclaimed Ars Technica senior business editor Cyrus Farivar.

Until the 21st century, most of our activities were private by default, public only through effort; today anything that touches digital space has the potential (and likelihood) to remain somewhere online forever. That means all of the technologies that have made... View Details


Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family
by Theresa Payton (Author), Ted Claypoole (Author), Hon. Howard A. Schmidt (Foreword)

Digital data collection and surveillance gets more pervasive and invasive by the day; but the best ways to protect yourself and your data are all steps you can take yourself. The devices we use to get just-in-time coupons, directions when we’re lost, and maintain connections with loved ones no matter how far away they are, also invade our privacy in ways we might not even be aware of. Our devices send and collect data about us whenever we use them, but that data is not safeguarded the way we assume it would be.

Privacy is complex and personal. Many of us do not know the full... View Details


The Complete Privacy & Security Desk Reference: Volume I: Digital (Volume 1)
by Michael Bazzell (Author), Justin Carroll (Author)

This textbook, at nearly 500 pages, will explain how to become digitally invisible. You will make all of your communications private, data encrypted, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, devices locked, and home address hidden. You will remove all personal information from public view and will reclaim your right to privacy. You will no longer give away your intimate details and you will take yourself out of 'the system'. You will use covert aliases and misinformation to eliminate current and future threats toward your... View Details


Ex-Con’s Guide To Privacy: How To Escape All Surveillance

Can I teach you about privacy? The authorities think so: “Until [censored], I never encountered a suspect capable of covering ALL his tracks.” He was “The Best.” - US Government Agent. The Ex-Con’s Guide To Privacy provides workable solutions to all of the problems made public by Edward Snowden’s claims and revelations: The interception and storage of your emails in databases, the monitoring of your phone's location 24/7 to determine who your associates are, and the eavesdropping on your phone conversations to name only a few privacy violations. Read Ex-Con's Guide To Privacy for... View Details


The Right of Publicity: Privacy Reimagined for a Public World
by Jennifer Rothman (Author)

Who controls how one’s identity is used by others? This legal question, centuries old, demands greater scrutiny in the Internet age. Jennifer Rothman uses the right of publicity―a little-known law, often wielded by celebrities―to answer that question, not just for the famous but for everyone. In challenging the conventional story of the right of publicity’s emergence, development, and justifications, Rothman shows how it transformed people into intellectual property, leading to a bizarre world in which you can lose ownership of your own identity. This shift and the right’s... View Details

Best Science Podcasts 2018

We have hand picked the best science podcasts for 2018. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

The Person You Become
Over the course of our lives, we shed parts of our old selves, embrace new ones, and redefine who we are. This hour, TED speakers explore ideas about the experiences that shape the person we become. Guests include aerobatics pilot and public speaker Janine Shepherd, writers Roxane Gay and Taiye Selasi, activist Jackson Bird, and fashion executive Kaustav Dey.
Now Playing: Science for the People

#478 She Has Her Mother's Laugh
What does heredity really mean? Carl Zimmer would argue it's more than your genes along. In "She Has Her Mother’s Laugh: The Power, Perversions, and Potential of Heredity", Zimmer covers the history of genetics and what kinship and heredity really mean when we're discovering how to alter our own DNA, and, potentially, the DNA of our children.