How Secure are Wearable Devices?

Wearable devices are increasingly pervasive, especially those used to monitor our activity levels. The industry has made strides to ensure they are as reliable as possible.

For instance, last year a team of researchers developed a mechanism to spot the difference between fake and real activity.

Once the new system had been trained on suitably dubious behavior, it was able to identify such behavior with an accuracy of 84%.

“As health care providers and insurance companies rely more on activity trackers, there is an imminent need to make these systems smarter against deceptive behavior,” the authors say. “We’ve shown how to train systems to make sure data is authentic.”

Secure data

A team from the University of Edinburgh are also working to ensure the data produced by wearable devices is secure.  In a recently published paper, the team argue that vulnerabilities in wearables could significantly threaten the privacy of users.

They suggest that the communication procedures of many wearable devices have distinct security weak spots that could allow unauthorized sharing of personal data.

The authors believe such weaknesses could have a particular impact in healthcare, where vulnerabilities could result in fake health records being created.  This is especially risky in private healthcare markets where premiums could be influenced by activity data.

The team analyzed two models of Fitbit and found a number of ways hackers could intercept data as it traveled between the devices and the cloud, and subsequently send false data in its place. They even highlighted how end-to-end encryption on the devices can be circumvented by dismantling the device and directly modifying the information stored in its memory.

They provide the industry with a number of tips and guidance for addressing these weaknesses and for ensuring that future devices do a better job of securing personal data. Indeed, as a direct result of the paper, Fitbit have developed a number of patches to do just that.

"Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services," the authors say.

In response to the report, I’ve received the following statement from Fitbit.

“As the leading wearables brand, we are committed to protecting consumer privacy and keeping data safe. We value the research the security community does in promoting best security practices. Based on our collaboration with the researchers, we are in the process of rolling out updates to address the issues raised by their report. We are not aware of any actual compromise of user data from these issues.  

We are always looking for ways to strengthen the security of our devices. All devices since the Fitbit Surge was launched in 2015 have implemented end-to-end encryption. The updates we are rolling out include ensuring encrypted communications for trackers launched prior to Surge. We are proud to be recognized by the researchers for employing the most effective security mechanisms in our products when compared to other vendors. 

The trust of our customers is paramount and we carefully design security measures for new products, continuously monitor for new threats, and diligently respond to identified issues. We always welcome feedback from the security community and encourage individuals to report any security concerns with Fitbit's products or services to security@fitbit.com.”

This post was published on the now-closed HuffPost Contributor platform.