There’s no doubt fitness trackers are a hot commodity with today’s consumer. Per an IDC study, in 2014, 26 million wearables were sold. That number rose to 75 million in 2015. This year, it’s expected to surpass the 100 million devices sold benchmark. And while most consumers are purchasing their tracker with the intent being to better monitor their physical health, unbeknownst to them is the extreme risk that their personal data is likely being exposed.
Security firm AV-Test recently concluded a test of seven popular Android-powered fitness trackers and found that many devices lacked secured connections or tamper protections. Varying levels of security were discovered within the group of devices, with some allowing hackers the ability to access or otherwise tamper with user data.
“As already witnessed in the initial test of fitness wristbands last year, many manufacturers are also committing similar errors in the current test,” the report states. “They often don't pay sufficient attention to the aspect of security.”
Among the riskiest of devices: Runtastic, Striiv, and Xiaomi. These three recorded seven to eight potential vulnerabilities out of 10.
“These products can be tracked rather easily, use inconsistent or no authentication or tamper protection, the code of the apps is not sufficiently obfuscated (to secure data), and data traffic can be manipulated and monitored with root certificates,” the report reads.
“Worst of all, Xiaomi even stores its entire data unencrypted on the smartphone.”
The most secure devices were Pebble Time, Microsoft Band 2, and Basis Peak. These trackers recorded two to three potential security risks.
Worth pointing out is the fact that the study also looked into the Apple Watch, but used a different set of criteria because of its operating system. The team that reviewed the device concluded it had a “high security rating” despite some “theoretical vulnerabilities”. In fact, the paper goes so far as to describe the device as “almost impossible to track”.
The Apple Watch’s most major vulnerability is when it is set to airplane mode. During this time, the device will reveal certain identifying characters that it otherwise should not.
Also, while the Apple Watch uses mostly encrypted connections that are also secured, updates are made through an unencrypted connection, an obvious security risk.
To learn more, read the AV-Test’s full study.
Learn more about Electronic Products Magazine