They may look like a normal watch but are capable to do much more than just showing the time: So called fitness trackers are collecting data on their users' lifestyle and health status on a large scale helping them with training or losing weight. However researchers are now investigating fraud opportunities with fitness trackers and detected serious security flaws. Data collected by fitness trackers have been used as evidence in court trials in the US, as reported by Forbes Magazine. Police and attorneys have started to recognize wearable devices as the human body's "black box," according to the NY Daily News. Some health insurance companies recently started to offer discounts if the insured persons provide personal data from their fitness trackers. This could attract scammers who manipulate the tracked data to fraudulently gain financial benefits or even influence a court trial, according to researchers. This makes it all the more important that transmission, processing and storing of the sensitive personal data meet high security standards.
Although all cloud-based tracking systems use an encrypted protocol like HTTPS to transfer data, the researchers were able to falsify data in all cases. Out of all fitness trackers examined, only devices from four manufacturers took some minor measures to protect data integrity, i.e. to ensure that data remain intact and unaltered. "These hurdles cannot stop a motivated attacker. Scammers can manipulate the data even with very little IT knowledge," according to a study from a European study. None of the trackers employ End-to-End encryption or other effective tamper protection measures when synchronizing data. these manufacturers store the collected fitness data in plain-text, i.e. un-encrypted and readable by everyone, on the smartphone which introduces a potential risk of unauthorized data leakage should the smartphone be stolen or infected with malware.
No comments:
Post a Comment