In a report, How Safe is Your Quantified Self, Symantec “found security risks in a large number of self-tracking devices and applications,” including the finding that “all of the wearable activity-tracking devices examined, including those from leading brands,are vulnerable to location tracking.”
A report from ABI Research estimates that wearable computing device market will grow to 485 million annual device shipments by 2018 but lots of people are already wearing fitness trackers from Fitbit, Jawbone, Samsung and others and even more are using smartphone apps that track their movement throughout the day.
If your device is hacked, said Symantec, the perpetrators could know:
- The mileage that you are covering
- When you usually go running
- Where you usually go running
- Where you live
- Your age, sex, height, and weight
- Your heart rate
- Your altitude
- Steps taken
- Where and when you are on vacation
In the clear
The report also found that 20% of the fitness apps “transmitted passwords in the clear.” A staggering 52 percent of apps examined did not make available privacy policies, according to the report.
The report suggests that “the information could be useful to governments, marketers, businesses, and of course cybercriminals.”
In an interview, Symantec’s Director of Security Response, Orla Cox said that “some applications were actually communicating with up to 15 different remote locations,”including “analytics companies and a variety of different organizations.” She said that “there are companies interested in this data,” and that “attackers are very much driven by money so it’s possible that this data could be taken and sold to third party companies.”
Cox said that securities companies are looking at developing security software for wearable devices. Symantec, like most security companies, already has software for mobile devices which, typically, are used to send the data back to servers, but that software isn’t likely to protect you for data that’s transmitted from the device itself, such as the Bluetooth signal it uses to connect with the phone.
Cox recommends that users of these devices turn off Wi-Fi and Bluetooth if you’re not using them and being “a little bit more wary when you’re installing applications and getting an understanding of what the application is going to do with your data.” She also suggests that device manufactures make it easier for consumers to turn off these signals when they’re not in use.
The MoveC300 watch I wear from Lifetrack is able to sync with Android and iOS devices but you have to press a sync button each time you want to transmit data. That not only makes it harder to hack but also preserves battery life, which is one of the reasons the watch can run for up-to a year on a coin-sized battery.