Smart Watch and Fitness Trackers Could Leak User Data

Manufacturers are still careless when it comes to IoT security, as seven of the newest Android-based fitness trackers and Apple’s smart watch have shown security weaknesses that hackers can use to steal and manipulate data, AV-TEST found.

AV-TEST ran risk assessment tests in areas such as the security of connection, authentication, online communication, visibility and privacy for Basis Peak, Microsoft Band 2, Mobile Action Q-Band, Pebble Time, Runtastic Moment Elite, Striiv Fusion, Xiaomi MiBand and the Apple Watch. The focus was to investigate whether the data was secure and protected against third-party hacking, spying and manipulation.

The most red flags were raised by Runtastic, Striiv and Xiaomi, with seven or eight risk points out of a possible 10.

“These products can be tracked rather easily, use inconsistent or no authentication or tamper protection, the code of the apps is not sufficiently obfuscated, and data traffic can be manipulated and monitored with root certificates,” the report said. “Worst of all, Xiaomi even stores its entire data unencrypted on the smartphone.”

The most secure proved to be Pebble Time, Microsoft Band 2, Basis Peak and the Apple Watch, the latter being more difficult to hack in spite of some theoretical vulnerabilities. “If airplane mode is switched on and off, however, the Apple Watch always shows its genuine MAC address to the Bluetooth components. This should actually not be the case.”

Over 75 million wearables were sold in 2015, and health insurance companies encourage users to purchase them, sometimes even offering incentives. International Data Corporation (IDC) anticipates the number of wearables sold in 2016 will surpass 100 million.

About the author

Luana PASCU

From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.

2 Comments

  • It’s sad but true that these Smart Watches & Fitness Trackers can possibly leak the collected data of users. But the worst scenario is that these devices ask for too much information, which is not worth asking for. Apart from this, some devices made by any beginner company do not even offer enough security, so it even makes them vulnerable to attacks, and even a minor attack can not only harm the collected information of these devices but also become capable of infecting other devices which get connected with them.

    More to add, people are even allowed to bring their devices to the workplace, so it's but natural that they might be getting connected with the networks of the organization or company as well. So, once they leave the company, no one is aware where these devices will be and through which network they will get connected next. In other words, if the compromised device gets connected with the network of the organization, it can become risky for the company itself, as there can be the possibility of a data leak from the company too.

  • Hey Luana, nice blog!

    I think data security should be a big point in tech companies, but in my opinion most companies are careless. A few weeks ago I read that Yahoo lost a big sum of data of their users... that is awful. Tech companies have a social responsibility and they should act like it! (sry for my English, I am a German guy)

    Last week I read another post about data protection and fitness trackers (source: http://fitness-track.de/datenschutz-und-fitness-armbaender-passt-das-zusammen/). It's about a study. The researcher found out that most fitness trackers are not safe. They checked 16 trackers and in each case there was something wrong. This is so scary…

    Greetings from Munich,
    Stefan