Fitness trackers an easy target for hacking, study suggests

The majority of fitness trackers currently on the market can be easily hacked, even by attackers with limited IT skills, a study has revealed.

A team of researchers from the Italian University of Padua and Germany’s Technical University of Darmstadt attempted to falsify data acquired by 17 different devices as they were being stored on a cloud server or a smartphone.

They found that only four makers made any effort to protect the data from unauthorised access and manipulation. Some devices, even though not synchronised with the cloud, were storing data as completely unencrypted plain text. The devices would still synchronise with a smartphone, which means the data would be easily accessible through the smartphone, possibly by means of malware. None of the devices was found to use end-to-end encryption.

Fitness tracker data does reveal private information about the user. The data can have commercial value as it is increasingly sought after by health insurance companies wishing to assess the lifestyle of an insured person. According to Forbes Magazine, fitness tracker data is regularly being used as evidence in court trials in the USA, with both the police and attorneys perceiving the technology as a 'black box' for the human body.

The results of the research, however, reveal that such data is less than reliable and could be modified by anyone wishing to do so.

“Health insurances and all other companies who want to use fitness trackers for their services should seek advice from security experts before doing so,” said Ahmad-Reza Sadeghi, system security professor at TU Darmstadt.

Most of the flaws identified in the study, the researchers said, could be fixed with already existing technologies. “It’s just that the manufacturers have to put some more effort in employing these technologies in their products,” Sadeghi remarked.

Data transmission and processing, as well as storage itself, should be properly covered, the researchers said, due to the sensitive nature of the data.

“Scammers can manipulate the data even with very little IT knowledge”, Sadeghi warned.

The team examined devices from various manufacturers, including Xiaomi, Garmin and Jawbone.

The popularity of fitness trackers is on the rise. In the first quarter of 2016, 20 million devices were sold worldwide. Many of them use GPS to track the kilometres the user walks or runs, measure heart rate and pulse or check if the user is asleep. Apple made much of the fitness tracking capabilities of its new Watch Series 2 wearable this week, as well as its partnership with Nike.
