Health and Fitness trackers, the sales of which are expected to double this year, are an easy and increasingly popular means of recording and analyzing exercise and activity. This convenience comes at a risk however, warns ESET, as the data these devices transmit can easily be intercepted by hackers, potentially exposing a trove of fitness data from wearables.
“As they are designed to continuously monitor very personal data about the users health and life patters, the information they transmit can represent a great deal of information about the individual,” said Mohamed Djenane, security specialist at ESET Middle East. “There is no doubt that no user would be comfortable knowing that this personal information is being accessed by a unknown stranger.”
According to Djenane, the security vulnerability arises out of the use of Bluetooth Low Energy (BLE) technology which connects these devices to things like smartphones and tablets. Bluetooth Low Energy has proven quite popular as it considerably reduces power consumption, making it ideal for devices that are constantly transmitting information such as wearables. The downside of this is that this constant data travel potentially leaves it open to interception by hackers.
These trackers have security measures meant to protect their device addresses. But in many cases, the random addresses for BLE devices are poorly implemented or not applied to certain devices, meaning that devices either remained fixed or poorly randomized. As a result, an app and a smartphone are enough for hackers to intercept private data.
While the assumed 50 meter BLE range would limit the scope for malicious activity, there’s the possibility that an attacker could increase the range. In demonstrations, researchers have managed to boost regular Bluetooth’s range eight-fold with a directional antenna. If the same could be done here, the privacy threat becomes greater.
“The take-away for users is that new and emerging technologies usually have associated IT security risks. Unfortunately, hackers seem to uncover these faster than device manufacturers. So it helps to stay weary, and keep yourself constantly aware of the latest threats to make sure the next device you purchase doesn’t compromise your security,” concludes Djenane.