Is Your Fitness Tracker Leaking Your Training Stats? (and Does it Even Matter?)

Attention fitness freaks: A new report by the AV Test Institute, an independent testing lab, concluded that your fitness tracker may be sharing your calories burned, steps taken and stairs climbed with more than just you and your competition-minded buddies. The report found that the some of the most popular names in wearable tech are failing miserably when it comes to protecting user data.

The report tested nine of the most popular fitness trackers on the market:

-Acer Liquid Leap
-Polar Loop
-FitBit Charge
-Garmin Vivosmart
-Huawei TalkBand B1
-Jawbone Up24
-LG Lifeband Touch FB84
-Sony Smartband Talk SWR30
-Withings Pulse Ox

The distressing results found that the Acer Leap and the FitBit Charge (which, horror of horrors, I am wearing at this very moment) completely fall short when it comes to security. The other seven models fared better but the overall results were disheartening. The report analyzed bluetooth settings and other factors including whether or not code obfuscation is executed, if internet communication is encrypted and if data resides outside of secured memory among other factors. The Acer and FitBit models compromised user privacy on many levels. According to the report, the FitBit model doesn’t use any sort of authentication process and gives away information to any third party that cares to take it. The Acer wristband can be used with several smartphones at the same time, there is no code obfuscation at all and the wristband can “pair” to a device without confirmation.

Wearable Tech and What is yet to Come

At this point you may be asking yourself “Who really cares if someone finds out how many calories I burned today?” (I asked myself this at first as well) But think of this as a beginning. We have only approached the very edge of wearable tech and the AV Test Institute report should make us stop and think about what lies ahead. Last year Business Insider reported that fitness trackers were storing information in the cloud that could be easily hacked without even infiltrating your wristband or device. Location can be assessed in the blink of an eye because of the interaction of phone and fitness band. And according to Nicko Van Someren, CTO at Good Technology, the encryption standards on mobile devices and wearables isn’t very strong to begin with, so there is a good chance your information is readily accessible. And this is just what your tracker can do today. But the trackers of tomorrow may hold much more sensitive information regarding your health and habits. Is that really a road we want to go down unprepared?

It all Boils Down to the Fact that People are Lazy

I remember thinking “Wow, that was a breeze” as I finished setting up my FitBit Charge and that was the end of it. A password here and there. A few third party apps I connected to thrown in for good measure. Then it was up and running (and so was I). I was pleased as punch that I didn’t have to labor over it. It was easy, crisp and in a sense, dumbed down, just the way most consumers like their tech. Jean Yang, assistant professor at Carnegie Mellon hypothesizes in an article in the Technology Review that the reason that software is so vulnerable is because we, the end users, are lazy and can’t be bothered to go through all the necessary steps it would take to secure our data. Yang says “We find online life fun, so we tend to let sites do whatever they want with our personal data. Software companies respond by churning out new features as quickly as possible, using the most convenient materials and tools at the expense of security.”

So we are dumping security in favor of a brisk user experience. The British Newspaper the Telegraph quoted cyber security expert Tony Dyhouse, director of Trustworthy Software Initiative saying “the rapidly expanding market and soaring sales are tempting companies to prioritise new devices and features rather than security and reliability.… The rise of wearable health technology now means that improvements in reliability and security of software can really be a life or death issue.”

In a world where The Internet of Things and wearables are quickly becoming the norm we can no longer afford to be complacent when it comes to securing our data. Taking the easy, cursory way out only hurts us in the end. We need to show companies like FitBit and Acer that our security matters and they need to shape up. Because today it’s just a FitBit. Tomorrow it could be a “Smart Teddy”, designed to help nurses collect pediatric patient information in the least invasive manner or military helmets with connected displays for soldiers on battlefields. Either way, this is one fight worth breaking a sweat for.

Sources:

http://www.telegraph.co.uk/technology/news/11391941/Safety-of-fitness-trackers-is-life-or-death-issue.html

http://www.businessinsider.com/privacy-fitness-trackers-smartwatches-2014-10

http://www.av-test.org/en/news/news-single-view/test-fitness-wristbands-reveal-data/

http://www.technologyreview.com/view/538636/the-real-software-security-problem-is-us/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s