Fitness Tracker: every step you take, I'll be watching you

As wearables become part of our daily lives, they also become a bigger target for cybercriminals.

Who doesn't remember the popular Police song “Every breath you take, … every step you take, I'll be watching you”. Indeed, every breath we take, every step we take, is recorded by our fitness tracker, says Phil Muncaster from the team at global cyber security company ESET.fitness tracker

Smartwatches, fitness trackers, and other electronic gadgets wearables are becoming more and more popular, as are cell phones and tablets.

These connected devices do much more than show the time: they monitor our health, they show us our emails, they check our smart homes and they can even be used for in-store payments. They are an extension of the so-called Internet of Things (IoT) that makes the lives of all of us more comfortable, while reducing the time it takes to use smartphones, which has reached almost six hours for half of Americans this year.

Naturally, this is a market that will grow at an annual rate of 12,5% ​​in the coming years and will exceed 118 billion USD by 2028. But while wearables are steadily finding their way into our everyday lives, they are also collecting more data and connecting to a growing number of other smart devices.

But what are the potential security risks from fitness trackers and how can we protect our privacy?

ESET teammate Phil Muncaster outlines four key ways in which Threat actors can take advantage of wearables attacks.

1. The so-called "third-party companies"

The data your devices collect can be extremely valuable to advertisers. There is also a boom in such markets in some markets, although they should be tightly controlled in the EU thanks to legislation passed in 2018. A report argued that revenue generated from data sold by healthcare device manufacturers to insurance companies could to reach $ 855 million by 2023.
Some third parties may even use them to create advertising profiles for users and then sell them. If this data is stored by many companies, this is a greater risk of breach.

2. Unlocking the smart home

Some wearables can be used to control our smart home appliances. They can even be configured to unlock your front door. This poses a significant risk to your safety if the devices are lost or stolen and the anti-theft settings have not been activated.

3. Data theft and manipulation

Some smartwatches offer synchronized access to your smartphone applications, such as emails and messages. This may allow unauthorized users to steal sensitive personal data. Equally worrying is where much of this data is stored. If they are not properly protected, the provider can become a target for spying. There is a thriving underground market for certain types of personal and financial data.

4. Site-based threats

Another key type of data recorded by most wearables is related to location. With these , hackers can create an accurate profile of your movements throughout the day. This could allow them to physically attack the user or their car/home when they are deemed to be away. There are even greater concerns about the safety of children wearing such devices if they are monitored by third parties.

All of this may seem unlikely, but a few years ago, security researchers discovered vulnerabilities in children's smartwatches that exposed children's location and personal data. Before that, another investigation found that many manufacturers were sending unencrypted personal data of children using the products to servers in .

Concerns persist to this day, with research showing that the devices are prone to tampering, which could even cause physical discomfort to the user. Another study found that hackers could change passwords, make calls, send text messages and gain access to cameras from devices designed to monitor the elderly and children.

Where do device ecosystems lag behind?

The device you wear is only part of the picture. There are actually many components – from the device's firmware to the protocols it uses for connectivity, and back-end cloud servers. All are vulnerable to attack if security and privacy are not properly considered by the manufacturer.

Here are some of them:

Bluetooth: Bluetooth Low Energy is commonly used to connect mobile devices to your smartphone. However, many vulnerabilities in the protocol have been discovered over the years. They could allow attackers in close proximity to damage devices, steal information, or manipulate data.

Devices: Often the device software itself is vulnerable to external attacks due to poor programming. Even the best-designed watch is ultimately man-made and therefore may contain coding errors. These can also lead to privacy leaks, data loss and more.
Poor authentication / encryption on devices can also mean that they are exposed to piracy and eavesdropping. Users should also be aware of shoulder surfers if they use their mobile devices to view sensitive messages / data in public.

Applications: Smartphone-related smartphone apps are another way of attacking. Again, they can be misspelled and full of vulnerabilities, exposing access to users' data and devices. A special risk is that the applications or even the users themselves are careless with the data. You may also accidentally download fake applications that are designed to look like legitimate ones and enter personal information into them.

Back-end servers: As mentioned, cloud-based providers' systems can store information about the device, including location data and other details. This makes it an attractive target for attackers. There's not much you can do about it, except to choose a reliable provider with a good security record.

Unfortunately, many of the above scenarios are more than theoretical.

You; How do you protect your devices?

According to Phil Muncaster of ESET, fortunately there are several things you can do to minimize the risks described above. Some of them are:

General tips

• Enable two-factor authentication
• Protect the screen with a password
• Change settings to prevent any unauthorized pairing
• You buy wearables from reputable suppliers
• Take a close look at the privacy and security settings to make sure they are set up correctly

How to protect your smartphone

• Use only legitimate app stores
• Be sure to update all software
• Never jailbreak / root on devices
• Restrict the rights you grant to applications
• Install trusted Antivirus software on your device

How to protect a smart home

• Do not synchronize wearables with your front door
• Keep the devices on the guests's Wi-Fi network
• Update all devices to the latest firmware
• Change all device passwords from the factory settings

As wearables become part of our daily lives, they become a bigger target for cybercriminals. Do your pre-purchase research and close as many attack paths as possible as soon as you start your new device.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.082 registrants.

fitness tracker

fitness tracker, iguru

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).