It seems that fitness trackers could be involved in crucial security and privacy issues, according to a report published on Tuesday by researchers at the University of Toronto. Brands such as Fitbit, Basis, Garmin, Jawbone, Mio, Withings and Xiaomi, are selling devices that could allow anyone to track the location of users. Also, some sport bands are transmitting unencrypted information.
Findings seem to suggest that hackers could be able to trace users via Bluetooth, even if their sport bands are not paired to an smartphone or if the Bluetooth is off, since most of the fitness tracker devices have an unique identifier. Researchers said that the Apple Watch cannot be tracked, because it uses Bluetooth LE to constantly generate MAC addresses in order to prevent tracking.
The report “Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security,” was made with the collaboration of a non-profit research group called Open Effect and the Citizen Lab at the Munk School of Global Affairs at University of Toronto.
Market analysts have reported that the wearable gadgets industry has been increasing its sales since the last two years. It is expected that the market value of wearable devices would increase to $5.4 billion by 2019. In the second quarter of 2015, Apple and Fitbit sold 8 million units of sport bands and smartwatches with features such as heart rate monitors, and step counters.
According to Mr. Hilts, the executive director of Open Effect, hackers and analytics firms can easily detect the unique identifier that the devices have, in order to collect data such as location and “whole lot more”. The researcher added that even when users turn off Bluetooth on their smartphones and bands, the tracker still emits information.
Researchers wrote in a press release that there is a Bluetooth privacy standard that allows manufacturers to protect the privacy of their users. Hilts said that the team is trying to encourage fitness tracking companies to adopt this security standards to avoid putting users at risk.
“We hope our findings will help consumers make more informed decisions about how they use fitness trackers, help companies improve the privacy and security of their offerings, and help regulators understand the current landscape of wearable products,” said the study authors in a press release on Tuesday.
Authors also stressed that it is important to not to underestimate the power of user’s data, since the discovered security issues could allow users to falsify their activity levels. Also, data-collecting companies and health insurance companies could be funding secret investigations.
Source: University of Toronto