- Jun 9, 2013
- 6,720
They may be one of the hottest gadgets around right now, but fitness bands and smartwatches may be a disaster waiting to happen from a security point of view, according to a new report. And considering the personal information held on many of them, the consequences of a breach could be disastrous.
The research from AV-Test looked into eight of the biggest selling devices in the fitness band/smartwatch category: Basis Peak, Microsoft Band 2, Mobile Action Q-Band, Pebble Time, Runtastic Moment Elite, Striiv Fusion, Xiaomi MiBand, and Apple Watch. Fitbit was left out of this examination, having undergone its own separate test earlier this year.
AV-Test said it was primarily interested in two areas: “From the perspective of the private user, is the data recorded in the tracker or app secure against spying or hacking by third parties?” And, “From the perspective of health insurers or other companies, is the data in the tracker or app secure against tampering?”
The first issue looked at how secure the data held on the devices or in the app is, while the second was more concerned with a third-party that may access the data. AV-Test used insurance companies who reward users for good health as an example; if the data can be manipulated, then results could be misleading.
The test looked at data on the devices, their corresponding smartphone apps, and the connection between the two. In total, 10 different criteria were tested.
Starting with the trackers, AV-Test looked at visibility, ability to be found, BLE privacy (which is whether a new MAC address is generated with every connection), authentication, and tamper protection. While all devices failed the BLE privacy test, the Pebble Time and Microsoft Band 2 succeeded in all other areas.
Full Article. Fitness Bands Struggle With Privacy; Leave Data Exposed
The research from AV-Test looked into eight of the biggest selling devices in the fitness band/smartwatch category: Basis Peak, Microsoft Band 2, Mobile Action Q-Band, Pebble Time, Runtastic Moment Elite, Striiv Fusion, Xiaomi MiBand, and Apple Watch. Fitbit was left out of this examination, having undergone its own separate test earlier this year.
AV-Test said it was primarily interested in two areas: “From the perspective of the private user, is the data recorded in the tracker or app secure against spying or hacking by third parties?” And, “From the perspective of health insurers or other companies, is the data in the tracker or app secure against tampering?”
The first issue looked at how secure the data held on the devices or in the app is, while the second was more concerned with a third-party that may access the data. AV-Test used insurance companies who reward users for good health as an example; if the data can be manipulated, then results could be misleading.
The test looked at data on the devices, their corresponding smartphone apps, and the connection between the two. In total, 10 different criteria were tested.
Starting with the trackers, AV-Test looked at visibility, ability to be found, BLE privacy (which is whether a new MAC address is generated with every connection), authentication, and tamper protection. While all devices failed the BLE privacy test, the Pebble Time and Microsoft Band 2 succeeded in all other areas.
Full Article. Fitness Bands Struggle With Privacy; Leave Data Exposed
