Fitness trackers and other digital wearables have unlocked a new era of convenience and engagement in consumer health. Beyond general fitness trackers, you can find wearables for a variety of purposes; some help diabetics, some monitor for seizure activity, and some can aid in senior citizens’ health and quality of life. But the convenience of an interconnected lifestyle may be a double-edged sword. Fitness trackers and wearables are notoriously unsecured. Wearables record and store some of our most sensitive health data, which is often 10x more valuable than a stolen credit card, making them a particularly attractive target for hackers.
So what types of data does your fitness tracker store? For a start, it holds the identifying information required to set up your account, such as your email, username, and password. But other fitness tracking specifics can make a user easier to identify, including gender, birthdate, geographical location, height, and weight. Health and activity data provides an in-depth look at the user’s daily habits through the power of GPS monitoring. If your device is paired inside of a network, other personal device information will also be stored, such as your Unique Device IDs or MAC addresses. Depending on the device, your wearables may also store your credit card information or bank account information.
Because of their versatility, wearables and fitness trackers leave us vulnerable in many ways. In last year’s MyFitnessPal hack, which affected 150 million users, attackers hoped to access credit card information but came away with only usernames and passwords. But what about the information that is more specific to wearables, like GPS tracking? After the fitness tracker Strava revealed hidden army bases through heatmap tracking, the Pentagon began to restrict the use of wearables by military personnel due to the potential security threat. And a recent vulnerability left thousands of children unsecured, allowing hackers to track their movements, listen in on conversations, and actually call children on their smart watches.
Even with these concerns, the wearables market continues to grow, with the prevalence of such devices predicted to double by 2021. Large healthcare organizations and insurance carriers are also starting to use insights from fitness trackers to influence both patient care and insurance rates. We’re even beginning to see the introduction of wearables for employee tracking, although this has met with mixed response. With this increased exposure to potentially insecure technologies, you’ll need to take extra steps to ensure your family’s
Where to start
Always research any fitness trackers or wearable devices before you commit, and be sure to avoid devices with any known security flaws. Notable examples to avoid are Medion’s Life S2000 Activity Tracker and Moov’s Now tracker. The Life S2000 requires no authentication and sends data unencrypted, and the Now tracker can leave users vulnerable to attack via Bluetooth connectivity. Even larger brands like Lenovo struggle to maintain an adequate level of security in their fitness trackers; the Lenovo HW01 smart band sends both registration and login data to its servers unencrypted.
Wearables and fitness trackers are here to stay, and the Internet of Things (IoT) is only going to keep growing. We have to work together to protect ourselves as we integrate these technologies into our daily lives. After all, the price of convenience cannot match the value of our personal security.