Fitness trackers could benefit from better security, study findsSeptember 14, 2017
The security of wearable fitness trackers could be improved to better protect users' personal data, a study suggests.
Vulnerabilities in the devices - which track heart rate, steps taken and calories burned - could threaten the privacy and security of the data they record, scientists say.
Exploiting security weak spots in the communication procedures of some gadgets could allow unauthorised sharing of personal data with third parties. These include online retailers and marketing agencies, the team says.
Such frailties could also be targeted to create fake health records. By sending insurance companies false activity data, fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums, researchers say.
A team at the University of Edinburgh carried out an in-depth security analysis of two popular models of wearable fitness trackers made by Fitbit.
The researchers discovered a way of intercepting messages transmitted between fitness trackers and cloud servers - where data is sent for analysis. This allowed them to access personal information and create false activity records.
The team also demonstrated how the system that keeps data on the devices secure - called end-to-end encryption - can be circumvented. By dismantling devices and modifying information stored in their memory, researchers bypassed the encryption system and gained access to stored data.
Researchers have produced guidelines to help manufacturers remove similar weaknesses from future system designs to ensure users' personal data is kept private and secure.
In response to the findings, Fitbit has developed software patches to improve the privacy and security of its devices.
The findings will be presented at the International Symposium on Research in Attacks (RAID) on 18-20 September. The research was carried out in collaboration with Technische Universitat Darmstadt, Germany, and the University of Padua, Italy. The Edinburgh researchers were part-funded by the Scottish Informatics and Computer Science Alliance.
Dr Paul Patras, of the University of Edinburgh's School of Informatics, who took part in the study, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."
University of Edinburgh
Related Privacy Articles:
University of Washington researchers have conducted a new study that explores the attitudes and concerns of both parents and children who play with internet-connected toys.
A new study from Vanderbilt University presents an unorthodox approach to protect the privacy of genomic data, showing how optimal trade-offs between privacy risk and scientific utility can be struck as genomic data are released for research.
It can be quite an honor to be included in a literary work -- but it may also be a demeaning experience.
A new study from the Naveen Jindal School of Management at UT Dallas assesses the impact of Facebook's granular privacy controls and its effects on user disclosure behavior.
How a mobile app says it will collect or share a user's personal information with third parties often appears to be inconsistent with how the app actually behaves, a new automated analysis system developed by Carnegie Mellon University has revealed.
For the first time, researchers and health experts have undertaken a comprehensive analysis of the concerning situation in the World Health Organisation European Region regarding digital marketing to children of foods high in fats, salt and sugars
The Springer journal Educational Technology Research and Development has published a special issue that examines the relationship of ethics and privacy in learning analytics, guest edited by Dr.
Not everyone who strives to navigate the internet without being tracked is up to no good.
In the latest issue of the journal Cell Systems, researchers from MIT's Computer Science and Artificial Intelligence Laboratory and Indiana University at Bloomington describe a new system that permits database queries for genome-wide association studies but reduces the chances of privacy compromises to almost zero.
A new study from Indiana University researchers shows that although most people who engage in sexting expect their messages to remain private, nearly one in four people are sharing the sexual messages they receive.
Related Privacy Reading:
Privacy: And How to Get It Back (Curious Reads)
by B J Mendelson (Author)
In this forceful short book, technology guru and author of the best-selling Social Media is Bull (St. Martins Press) B.J. Mendelson exposes the crude reality behind the smiley face of internet networking: data trading. We are all auctioning our personal information, the book argues, to the highest bidder. Mendelson discusses the end of privacy from a contemporary perspective, including chapters on:
Metadata and its uses Data auctions The Internet of Things The use of social media for surveillance and suppression Just how safe is Cloud technology The Big Business of Big Data... View Details
Privacy’s Blueprint: The Battle to Control the Design of New Technologies
by Woodrow Hartzog (Author)
Every day, Internet users interact with technologies designed to undermine their privacy. Social media apps, surveillance technologies, and the Internet of Things are all built in ways that make it hard to guard personal information. And the law says this is okay because it is up to users to protect themselves―even when the odds are deliberately stacked against them.
In Privacy’s Blueprint, Woodrow Hartzog pushes back against this state of affairs, arguing that the law should require software and hardware makers to respect privacy in the design of their products. Current... View Details
Privacy: What Everyone Needs to Know®
by Leslie P. Francis (Author), John G. Francis (Author)
We live more and more of our lives online; we rely on the internet as we work, correspond with friends and loved ones, and go through a multitude of mundane activities like paying bills, streaming videos, reading the news, and listening to music. Without thinking twice, we operate with the understanding that the data that traces these activities will not be abused now or in the future. There is an abstract idea of privacy that we invoke, and, concrete rules about our privacy that we can point to if we are pressed. Nonetheless, too often we are uneasily reminded that our privacy is not... View Details
The Complete Privacy & Security Desk Reference: Volume II: Physical (Volume 2)
by Michael Bazzell (Author), Justin Carroll (Contributor)
The first volume of this series made you digitally invisible. This book continues with your journey and explores complete physical privacy and security in the real world. After 100 pages of updates from the previous volume (Digital), this book explains how to be private and secure in your home and while you travel. You will create a more secure home perimeter, use living trusts, land trust and LLC's to privately title your home, apply physical disinformation techniques around your property, execute a fail-proof firewall to protect your entire home network and devices, install better locks on... View Details
The Known Citizen: A History of Privacy in Modern America
by Sarah E. Igo (Author)
Every day, Americans make decisions about their privacy: what to share and when, how much to expose and to whom. Securing the boundary between one’s private affairs and public identity has become a central task of citizenship. How did privacy come to loom so large in American life? Sarah Igo tracks this elusive social value across the twentieth century, as individuals questioned how they would, and should, be known by their own society.
Privacy was not always a matter of public import. But beginning in the late nineteenth century, as corporate industry, social institutions, and the... View Details
Habeas Data: Privacy vs. the Rise of Surveillance Tech
by Cyrus Farivar (Author)
A book about what the Cambridge Analytica scandal shows: That surveillance and data privacy is every citizens’ concern
An important look at how 50 years of American privacy law is inadequate for the today's surveillance technology, from acclaimed Ars Technica senior business editor Cyrus Farivar.
Until the 21st century, most of our activities were private by default, public only through effort; today anything that touches digital space has the potential (and likelihood) to remain somewhere online forever. That means all of the technologies that have made... View Details
Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family
by Theresa Payton (Author), Ted Claypoole (Author), Hon. Howard A. Schmidt (Foreword)
Digital data collection and surveillance gets more pervasive and invasive by the day; but the best ways to protect yourself and your data are all steps you can take yourself. The devices we use to get just-in-time coupons, directions when we’re lost, and maintain connections with loved ones no matter how far away they are, also invade our privacy in ways we might not even be aware of. Our devices send and collect data about us whenever we use them, but that data is not safeguarded the way we assume it would be.
Privacy is complex and personal. Many of us do not know the full... View Details
The Complete Privacy & Security Desk Reference: Volume I: Digital (Volume 1)
by Michael Bazzell (Author), Justin Carroll (Author)
This textbook, at nearly 500 pages, will explain how to become digitally invisible. You will make all of your communications private, data encrypted, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, devices locked, and home address hidden. You will remove all personal information from public view and will reclaim your right to privacy. You will no longer give away your intimate details and you will take yourself out of 'the system'. You will use covert aliases and misinformation to eliminate current and future threats toward your... View Details
Ex-Con’s Guide To Privacy: How To Escape All Surveillance
Can I teach you about privacy? The authorities think so: “Until [censored], I never encountered a suspect capable of covering ALL his tracks.” He was “The Best.” - US Government Agent. The Ex-Con’s Guide To Privacy provides workable solutions to all of the problems made public by Edward Snowden’s claims and revelations: The interception and storage of your emails in databases, the monitoring of your phone's location 24/7 to determine who your associates are, and the eavesdropping on your phone conversations to name only a few privacy violations. Read Ex-Con's Guide To Privacy for... View Details
The Right of Publicity: Privacy Reimagined for a Public World
by Jennifer Rothman (Author)
Who controls how one’s identity is used by others? This legal question, centuries old, demands greater scrutiny in the Internet age. Jennifer Rothman uses the right of publicity―a little-known law, often wielded by celebrities―to answer that question, not just for the famous but for everyone. In challenging the conventional story of the right of publicity’s emergence, development, and justifications, Rothman shows how it transformed people into intellectual property, leading to a bizarre world in which you can lose ownership of your own identity. This shift and the right’s... View Details