Fitness wearables are at risk for data breaches and fraud, says U of T study

Rob Attrell

February 2, 2016 2:22pm

With major technology companies like Fitbit, Garmin, and Jawbone working hard to make affordable fitness tracking devices, accuracy and service integration are often the main concerns for manufacturers.

Unfortunately, this means that in many cases, privacy and data protections are overlooked, leading some customers to worry they are being remotely tracked.

In a study from the University of Toronto, researchers examined the cybersecurity of fitness tracking devices from 8 major manufacturers, testing everything from data encryption, tamper resistance, and ID privacy. In several cases, the researchers were able to string together pieces of data over time based on a device ID in order to track individuals.

Another concern for the researchers is the ability to manipulate the fitness data from trackers to exaggerate activity in an attempt to commit fraud. Data from these devices is increasingly relied upon to provide evidence of activity for health insurance and corporate wellness programs.

Companies named in the report have expresses their own commitments to user privacy, and Withings is already revamping its applications to enhance encryption as a result of this study. The Apple Watch was one of the fitness wearables tested in this study, and results indicate that its randomized Bluetooth ID made it the best device for privacy among the products looked at.

ViaCBC
  • Mo Dabbas

    Insurance companies would be more than happy to pay hackers to do their nasty work on those fitness data. In many countries where you can’t have appropriate health care without insurance the amount of activity may greatly affect the decision when it comes to insuring individuals.