Surprising No One, or Possibly Everyone, Fitness Trackers Aren’t Secure

Future Tense
The Citizen's Guide to the Future
Aug. 1 2014 1:33 PM

Surprising No One, or Possibly Everyone, Fitness Trackers Aren’t Secure

fitness
Are fitness trackers leaking data?

Graphic from Shutterstock/JMici.

We all know that cybersecurity is a problem. Twitter accounts, credit card data, and all manner of portable gadgets get hacked every day. So we’ve all kind of been waiting for the other shoe to drop with wearables, right? Or maybe we’ve made the same mistake we always make and blissfully assumed that our fitness trackers were secure. Well, they're not.

Lily Hay Newman Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

In the study “How Safe Is Your Quantified Self?,” security giant Symantec explores vulnerabilities in everything from dedicated wearable trackers to apps that coordinate with smartphone sensors to collect fitness data. And the results are concerning. The study explains, “Symantec has found security risks in a large number of self-tracking devices and applications. One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking.” All of them.

Advertisement

Symantec describes how the more elements there are in quantified-self data collection, the more points of access there are for hackers. For example, if data is stored on a wearable device, is synced to a PC or smartphone, is stored on that additional device, and is also stored in the cloud, there are many opportunities for theft or infiltration into the system.

The company found that all the wearables it tested could be hacked to do location tracking on an individual, and it was especially easy on models using Bluetooth LE. Additionally, 20 percent of apps Symantec looked at sync login credentials without any encryption. And the apps and devices leak tons of raw data that may seem harmless, but can give hackers information about personal details like your daily schedule or sex life:

We ... found that even devices that are not obviously traceable can still be tracked wirelessly due to implementations that do not use available privacy features ... We would conclude that there are positive signs that some vendors are doing the right things, but far too many are not. Just how safe is your quantified self? We think that it could be an awful lot safer than it currently is.

It’s an especially bleak report when you think about how the rise of fitness trackers has largely overlapped with revelations about the reach and depth of government surveillance worldwide. People just want to trust their devices no matter how much evidence there is that they probably shouldn’t.

Future Tense is a partnership of SlateNew America, and Arizona State University.

  Slate Plus
Working
Nov. 27 2014 12:31 PM Slate’s Working Podcast: Episode 11 Transcript Read what David Plotz asked a helicopter paramedic about his workday.