The fitness industry has forever been changed with the introduction of multi-functional, fitness trackers. With so many features, and a massive amount of data being collected, just how secure is all of our data? What do we need to know to protect data for ourselves and our loved ones?
A recent research study into security issues with fitness trackers, was performed by a team of Canadian researchers from Citizen Lab and Munk School of Global Affairs, a study titled “Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security,” published by Open Effect, a non-profit research organization.
The study analyzed 8 different brands; Apple Watch, the Basis Peak, the Fitbit Charge HR, Garmin’s Vivosmart, the Jawbone Up 2, the Mio Fuse, the Withings Pulse O2, and the Xiaomi Mi Band. The researchers targeted the devices bluetooth capability to see just how much date could be extrapolated using a compatible device, like a cell phone or tablet.
Of the eight wearables tested, 7 wearables presented unique Bluetooth identifiers using the devices MAC address, allowing the wearable to be tracked by Bluetooth beacons. What are Bluetooth Beacons, who uses them and how might they interfere with security concerns?
Bluetooth beacons are hardware transmitters – a class of Bluetooth low energy (LE) devices that broadcast their identifier to nearby portable electronic devices. The technology enables smartphones, tablets and other devices to perform actions when in close proximity to a beacon.–wikipedia
The Bluetooth beacons are being used by shopping centers, stores and malls, much like your own line shopping, these beacons can expose you to retail stalking. A retailer may be personalizing advertisements, but how much of our data are they exposed too, and how can we control what data is leaked and what are we able to keep private?
It is important to note, the Applewatch, though the only true smartwatch studied in the research conducted by Open Effect, is able to take advantage of it’s built in Bluetooth LE ability to generate random MAC addresses to fend against potential location tracking.