Fitness Tracker Vulnerabilities and How to Deal with Them

If Fitbit Charge users were wearing their fitness trackers when they heard the news about Fitbit user accounts being hacked, they probably saw their heart rates increase. On January 6, 2016, BuzzFeed News broke the story on how cybercriminals hacked multiple Fitbit user accounts. They changed email addresses and usernames as well as tried to swindle Fitbit out of replacement items under warranty.

The cybercriminals also gained access to Fitbit users' data, according to BuzzFeed News. The data includes activity-related metrics, such as the number of steps taken and calories burned. It also includes where users are performing those activities and what time they usually go to sleep if their devices have Global Positioning System (GPS) and sleep-tracking functionality.

This cyberattack begs the question: What are the fitness trackers' vulnerabilities and how can you deal with them? To answer it, you first need to know how they work.

How Fitness Trackers Work

Fitness trackers use various sensors that continuously generate data about the wearer. Because the devices need to be small and lightweight, they do not store or process this data. Instead, they typically use short-range wireless transmissions to send the data to smartphones (or computers) for storage. Apps on these devices analyze the data and display the results. Oftentimes, these apps also send a copy of the data to cloud-based servers hosted by the fitness tracker vendors. Besides storing the data, the vendors sometimes offer additional services, such as more detailed analyses.

Because fitness trackers work this way, there are security vulnerabilities on several fronts:

When the data is sent to the smartphone
When the data is sent to the vendor's cloud servers
When the data is stored in the cloud

Read the full article