Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
How IoT Devices Give Your Fitness Data Away

How IoT Devices Give Your Fitness Data Away

By István F.István F. Verified by Adam B.Adam B. Last updated: July 17, 2024 (0)

Fitness trackers monitor your heartbeat and sleep, measure your steps, and connect the user to a larger ecosystem of goal-setting, diet-tracking and other health-related activities. But just how secure are these devices? How do they protect sensitive datasuch as the health information they collect about you?

These devices are designed to display aggregate fitness information automatically on connected mobile devices and, more often than not, on websites controlled by the manufacturers or service providers. This automatic collection and dissemination of data all began with the monitoring of steps a person took in a day.

From one person to millions of users is a huge jump but, as you have probably already encountered in your neighborhood, wearables and internet-connected physical devices, vehicles and home appliances – collectively called the Internet of Things (IoT) devices – are becoming increasingly popular. Talking just specifically about wearables, the numbers are staggering: between 2016 and 2017 vendors shipped an estimated 220 million units.

Considering the high adoption rate of wearables and the security flaws they carry, market research firm Gartner estimates that worldwide spending on IoT security will reach $1.5 billion in 2018 and $3.1 billion by 2021.

The problem with wearables

When it comes to hardware, seven out of eight wearable devices have shown signs of information leak, according to research led by Open Effect with significant contributions from the Citizen Lab at the Munk School of Global Affairs at the University of Toronto. One of the existing problems is that these devices emit persistent unique identifiers – a Bluetooth Media Access Control address – that exposes their wearers to long-term location tracking.

While this can be addressed, what’s more alarming is that the applications aggregating the all data these devices collect have security vulnerabilities that enable unauthorized third parties to read, write, and delete user data.

Health data leaked

You might be surprised, but your credit card details aren’t the only valuable pieces of information that hackers are after. Health records can also be sold for good money on the dark web. In fact, healthcare data breaches have more than doubled in a single year, according to the 2018 Thales Healthcare Threat Report.

The report suggests that the digital transformation while enabling better healthcare also creates new risks that need to be addressed in order to protect user data. The use of the cloud, big data, and IoT devices allows organizations to better create and manage data and store information more efficiently, but how that data is stored, well, that’s what creates a problem.

The use of this technology creates the need to use third-party services such as a cloud vendor infrastructure or cloud-based platforms alongside internet-connected heart-rate monitors, implantable defibrillators, and the like. All these new technologies represent an attack opportunity for hackers.

60% off RoboForm for Best Reviews readers
RoboForm logo
Commit to RoboForm using Best Reviews' exclusive discount and enjoy a discount of 60% off the regular price.
/goto/roboform/ Click to show code

To understand the risks, consider the popular MyFitnessPal data breach. Under Armour’s MyFitnessPal platform allows users to connect various other third-party fitness trackers to their account – such as the Endomoto Sports Tracker or Garmin Connect – meaning that it’s only necessary to access a single platform to collate all the data together. The problem is that MyFitnessPal alongside other similar platforms uses a web interface, meaning that your data isn’t stored locally on the device and could therefore end up exposed to hackers if not properly protected. It’s never good whenever your data is stored anywhere online, but especially so when we are talking about the data of 150 million people.

What can you do to protect your data?

The only way you can be sure no stranger can access your data is by storing it locally, but this way you will miss out on many of the convenient features such fitness platforms provide. That’s why many users accept the threat that comes from being exposed but still take necessary measures to lower the risk.

The first line of defense is your password, so make sure you generate a unique, cryptographically secure password and store it using a password manager. Secondly, read the platform’s security policy and the measures that are taken to protect your data. You’d want to ensure at least a hash combined with salt (and pepper) is used to protect your data.


Best password managers of 2024

Editor's choice
RoboForm logo
Editor's rating:
(4.5)
Effective security center
Passkey compatibility
Intuitive and organized interface
Affordable prices
Families
LastPass logo
Editor's rating:
(4)
Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Businesses
1Password logo
Editor's rating:
(4.5)
End-to-end encryption
Secure authentication method
Data breach alarms
One-time password support
Security features
Keeper logo
Editor's rating:
(4.5)
Robust security
Wide range of platform support
Affordable
Great customer support
Personal use
NordPass Personal logo
Editor's rating:
(4.5)
Strong security features
Effective password generator
Excellent free version
Attractive price
Password sharing
Dashlane logo
Editor's rating:
(4)
Password changer
Built-in VPN
Flawless data import
Thorough iOS/Android app
Local storage
Enpass logo
Editor's rating:
(4)
Packed with features
Free for desktop users
Offline password manager
End-to-end encryption
User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us