The Vulnerability of Fitness TrackersMarie Donlon | September 15, 2017
Fitness trackers, and the personal information they record (heart rate, steps taken, calories burned, etc.), may be vulnerable to hacking, according to researchers from the University of Edinburgh.
The personal data, according to the researchers, could be shared with third parties, such as marketing agencies and online retailers or used to manufacture false health records, netting hackers cheaper insurance coverage.
Studying two Fitbit models popular with consumers, researchers managed to intercept the data messages exchanged between the Fitbit and the data analysis hub (a cloud server).
Likewise, the researchers were also able to bypass the end-to-end data encryption system, giving the researchers access to the stored data.
Responding to the study findings, Fitbit has designed software patches to improve customer security.
Dr. Paul Patras, of the University of Edinburgh's School of Informatics, who took part in the study, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."