New Research Says Fitness Trackers and Their Apps Are Transmitting Data About Us
A startling study by a Canadian research team has revealed that some popular types of fitness trackers actually transmit a signal via blue tooth. It is believed that this ‘identifier’ signal could be picked up by the kinds of beacons that are now being used by retail stores and shopping centres to track, recognise and profile customers.
The research team also discovered that the apps that accompany these ‘sports wearables’ could be leaking our login credentials and are transmitting our activity tracking information in a non-secure way, thus leaving it open to interception and tampering.
The devices named in the research as those that transmit the signal and potentially ‘leak’ data include Basis Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone Up 2, Mio Fuse, Withings Pulse O2 and Xiaomi Mi Band.
One device that the researchers found not to be transmitting any identifier signal however was the Apple Watch which actually used part of the Bluetooth LE standard to prevent external tracking by changing MAC addresses.
How Was This Discovered?
The Citizen Lab at the Munk School of Global Affairs, University of Toronto who carried out the research used what is known in cryptography and computer security as a man-in-the-middle attack where a third party relays and possibly alters the communication between two other parties.
What Could This Mean For Businesses?
For any businesses that are able to collect and link this data to us as individual consumers it could conceivably mean the ability to target us with offers and information for other relevant goods and services, or even to share those details with third parties.
One worrying aspect however is that under European data protection law the data that these fitness devices generate could be considered personal information, and therefore the device should be more secure.