Trending Science: Fitness trackers and personal data insecurities
Researchers have identified serious data privacy vulnerabilities in the increasingly popular wearable devices, that threaten their trustworthiness.
The latest self-tracking health gadgets or fitness trackers continue to offer us addictive data that tracks our daily whereabouts, activity, exercise, sleep, heart rate, weight, nutrition and step count. They increasingly come with novel interactive features such as user blogs and the formation of groups to compete against. For your writer – a once avid runner until becoming a recent father of twins – the technology offers a chance to self-coach his road to a slow recovery and return to a healthy and fit life.
Nevertheless, the host of shared and tracked data may come at a heavy price. Our personal data protection could be exposed, according to a research team at the University of Edinburgh. They show that substantial data security flaws exist in the way such personal data gets recorded, communicated and shared, while being used innocently. These fitness tracking gadgets have weak security spots which third parties could use to their benefit and at our expense.
In collaboration with Technische Universitat Darmstadt, Germany, and the University of Padua, Italy, the University of Edinburgh research team carried out an in-depth security analysis and their own fitness tests of two popular models of wearable fitness trackers made by Fitbit. The findings illustrated how the system that keeps data on the devices secure - called end-to-end encryption - can in fact be circumvented. The team found ways of intercepting messages transmitted between fitness trackers and cloud servers - where data is sent for analysis. This allowed them to access personal information and create false activity records. In effect, by dismantling devices and modifying information stored in their memory, researchers could bypass the encryption system and gain access to once stored and secured private data.
As a result, for users this means that if these frailties ran into the wrong hands, our private data could be sold, used for extortion and manipulated. For example, data being shared with marketing agencies and online retailers could result in fraudsters providing fake health records to receive cheaper insurance cover which rewards physical activity and healthier living.
Dr Paul Patras, part of University of Edinburgh''s School of Informatics study underlines, ‘Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development.’ Dr Patras was also part of the EU-funded FLAVIA project (2010-2013) which highlighted the importance of constantly upgrading wireless network operations.
To ensure that users’ personal data remains private and secure, researchers are now sharing important guidelines to help manufacturers reverse the data defects with future gadgets and apps that are more secure and not exposed to potential new attacks.
In response to these findings, Fitbit is now starting to design software that improves the privacy and security of its devices.
‘We welcome Fitbit''s receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services,’ shared Dr Patras.
Only time will tell if fitness trackers are themselves fit enough and exercising regularly to keep pace with the latest security threats to provide customers with feats of healthy data security.
published: 2017-10-09