This is necessary to protect users' personal data
Improving the security of wearable fitness trackers is necessary to protect users' personal data, as vulnerabilities in the devices could threaten the privacy and security of the data they record, a study has warned.
The study showed that the fitness devices -- which track heart rate, steps taken and calories burned -- are vulnerable to fraud as they give away access to personal information from cloud, where data is sent for analysis.
By dismantling the devices and modifying information stored in their memory, the researchers from Britain's University of Edinburgh bypassed the encryption system and gained access to stored data.
They demonstrated that such an access could allow unauthorised sharing of personal data with third parties such as online retailers and marketing agencies.
Importantly, it could also be targeted to create fake health records, which when sent to insurance companies the fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums.
"Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development," said Paul Patras, Assistant Professor at the varsity.
The findings will be presented at the International Symposium on Research in Attacks (RAID) in Georgia, US.
In the study, the researchers also produced guidelines to help manufacturers remove similar weaknesses from future system designs to ensure users' personal data is kept private and secure.