Study finds self tracking devices, apps bring privacy risks

25 Aug, 2014

Using self-tracking devices such as fitness bracelets or smartphones apps can make it easier for others to track you too, according to a study carried out by the security firm Symantec. The study found that some of the devices and apps have security vulnerabilities that could be exploited to find out the wearer's location. The authors of the study used a self-built Bluetooth scanner based on a Raspberry Pi computer to gather data transmitted by fitness trackers.
Most current fitness bracelets and smart-watches use the Bluetooth LE standard to communicate with smartphones. This wireless technology, under optimal conditions, has a range of up to 100 metres and transmits mostly serial or hardware identification numbers. Without too much difficulty - according to the study authors - movement profiles of users could be drawn up by using this data.
For example an extremely tech-savvy burglar could work out if a home owner was at home or out jogging before deciding to break in.
Around one in five fitness apps transferred unencrypted user login credentials to their servers, the study found, a risky practice which could allow third parties to gain access to personal information such as addresses, dates of birth and health data.
Users of self-tracking apps and fitness bracelets are advised to be careful with their personal data and to read the privacy policies of the makers of these devices and programmes before using them.
Services that don't have a privacy policy or have one that's hard to find should be avoided.
Caution should also be exercised when sharing location information on social networks. In addition, users should only activate the Bluetooth function on their devices when it's really needed.

Read Comments