These gadgets may appear like just a simple watch but are efficient to do much more than just disclosing time. So known as fitness trackers these devices collect data on the lifestyle of their users and also record information about their health status on a large scale assisting them with losing or training weight. Ahmad – Reza Sadeghi, the security professor of the system at the cyber security profile area (CYSEC) of the TU Darmstadt and his group identified fraudulent opportunities with fitness trackers and identified some flaws in the security systems.
The fame of such gadgets is regularly increasing. Globally, there are around 20 million fitness trackers that have been sold in the initial quarter of 2016. Most of them capture information via GPS. “The recorded data might not only be used by third parties,” says professor Sadeghi.
Information captured by fitness trackers have been utilized as evidence in the US court trials. Attorneys and police have instigated to recognize wearable gadgets as the ‘black box’ of thehuman body. Few health insurance entities presently introduced offer discounts for the insured person to offer personal data recording from fitness trackers. It could attract scammers who influencethe recorded data to earn financial gains or even direct a court trial,” states Sadeghi. All this confirms that more vital the processing, transmission and storing of essential personal data meet big safety standards.
For identifying this, the entire team performed a study in association with theUniversity of Padua on 17 distinct fitness trackers comprising devices from less renowned producers as well as gadgets from famous brands like Jawbone, Garmin, and Xiaomi. The scientists concentrated on analysing the information on their route to the cloud server through a “man in the middle” attack and analyzed the safety of communication protocols utilized by the fitness trackers.
Although, every cloud-based tracking gadget utilizes an encrypted protocol such as HTTPS to transfer data, the scientists were able to analyse data in all situations. Out of numerous fitness trackers analysed gadgets from producers took some small measures to safeguard data integrity that to make sure that information remains unaltered and intact. “Such hurdles cannot combat motivated attackers. Scammers can also analyse the data even with very less IT knowledge,” states Sadeghi. It is because no single tracker utilizes end-to-end encryption or other effectual tamper safeguarding measures when synchronizing information. “Health insurance, as well as all other entities that intend to utilize the fitness trackers for their services, must seek suggestion from safety experts before performing so,” suggests Sadeghi. The issues identified in the study could be rectified with known reliable technologies.
Filed Under: News