Every breath you take, every move you make: Do fitness trackers pose privacy risks? – We Live Security

January 26, 2022 by No Comments

Should you beware of wearables? Here’s what you should know about the potential security and privacy risks of your smartwatch or fitness tracker.

Smartwatches, fitness trackers and other wearables are fast becoming almost as familiar to us as our mobile phones and tablets. These connected gadgets do much more than tell the time. They track our health, display our emails, control our smart homes and can even be used to pay in stores. They’re an extension of the so-called Internet of Things (IoT) that’s making all of our lives healthier and more convenient, while reducing smartphone screen time that reached nearly six hours for half of Americans this year.

Unsurprisingly, it’s a market set to grow by 12.5% annually over the next few years to exceed US$118 billion by 2028. But while wearables are reaching into more of our daily lives than ever, they’re also collecting more data and connecting to an increasing number of other smart systems. It pays to understand these potential security and privacy risks up front.

What are the main security and privacy concerns?

Threat actors have multiple ways to monetize attacks on smart wearables and the related ecosystem of apps and software. They could intercept and manipulate data and passwords and unlock lost or stolen devices. There are also potential privacy concerns over the covert sharing of personal data with third parties. Here’s a quick round-up:

Stealing and manipulating data

Some of the most feature-rich smartwatches provide synced access to your smartphone applications, such as email and messaging. That could provide opportunities for unauthorized users to intercept sensitive personal data. But of equal concern is where much of that data ends up being stored. If it’s not protected properly at rest the provider may be targeted by information thieves. There’s a thriving underground market for certain types of personal and financial data.

Location-based threats

Another key data type recorded by most wearables relates to location. With this information, hackers can build an accurate profile of your movements throughout the day. That could enable them to physically attack the wearer, or their car/household at times it is judged to be empty.

There are even greater concerns over the safety of children wearing such devices, if they are being tracked by unauthorized third parties.

Third-party companies

It’s not just security risks that users have to be alert to. The data your devices collect may be extremely valuable to advertisers. And there’s a roaring trade in such data in certain markets, although it should be tightly regulated in the EU thanks to legislation introduced in 2018. One report claimed that revenue made from data sold by health device manufacturers to insurance companies could reach US$855 million by 2023.

Some third parties may even use it to create advertising profiles on wearers and sell it onwards. If this data is stored by multiple other downstream companies, this presents a greater breach risk.

Unlocking the smart home

Certain wearables could be used to control smart home devices. They might even be set up to unlock your front door. This presents a major security risk in the event devices are lost or stolen and anti-theft settings aren’t enabled.

Where do device ecosystems fall short?

The device you wear is only one part of the picture. There are actually multiple elements—from the device firmware to the protocols it …….

Source: https://www.welivesecurity.com/2022/01/26/every-breath-you-take-every-move-you-make-fitness-trackers-privacy-risks/

Tags:

Leave a Comment

Your email address will not be published.