Email
Password
Remember meForgot password?
    Log in with Twitter

article imageNew cybersecruity vulnerability with fitness monitors

By Tim Sandle     Oct 8, 2017 in Technology
Edinburgh - A new study of the security vulnerabilities of fitness trackers signals that the health technology sector needs to go further in building safeguards to protect the data of users of fitness devices. The study focuses on Fitbits.
The research, reported in The Daily Telegraph, indicates that two types of wristband manufactured by Fitbit can be hacked and data extracted. The finding comes from research conducted at the University of Edinburgh and this finding should be noted by those working on healthcare technology. Building in more robust security could become a useful part of the marketing strategy when it comes to launching a new health technology product.
The academic research found that data transmitted between the Fitbit One and Fitbit Flex devices and cloud servers can be intercepted. In tests, the researchers succeeded in extracting data. This data was in the form of the personal information of the users. Moreover, the researchers were able to manipulate the data in order to create and falsify activity records. The findings were presented to the International Symposium on Research in Attacks (RAID), which took place on 18-20 September 2017.
This was achieved by circumventing the end-to-end encryption in place. This was achieved by dismantling the devices and altering data stored on them. If a hacker or even a user was to do this the implications go beyond the mere mischief making. By exploiting the data security lapse someone could embark upon insurance fraud, for example. Many insurance companies, particularly in the U.S., are basing insurance cover, in terms of the rates charged, based on data gathered from health monitors. Someone could, in theory, manipulate a Fitbit in order to secure lower-cost insurance. Conversely, someone other than the user could alter data in order to deny another person insurance cover.
Dr Paul Patras, from the university’s School of Informatics, contextualizes the research: “Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit’s receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services.”
Commenting on the research outcome, Dan Lyon, who is the principal consultant at the technology firm Synopsys, told the website PharmaPhorum: “If this kind of analysis can be performed now or anytime in the future, it could be used to determine a person has a specific medical condition.”
The technologist added: “The impact of this to the individual could be raised healthcare premiums or even denied coverage due to preexisting conditions. And once the data is in the hands of an organization, it could potentially be sold for other purposes”.
Since the research was published a patch has been issued to address the flaw with the Fitbit models. However, the issue of hacking into health devices remains a pertinent one especially as the level of personal data collected increases.
More about Cybersecurity, health tech, digital health, fitness monitor, activity monitor
More news from