• Home
  • News
  • New privacy scandal: most fitness trackers leak your data

New privacy scandal: most fitness trackers leak your data New privacy scandal: most fitness trackers leak your data

According to a recent study performed by Canadian researchers, some of the most popular brands of fitness trackers allow others to keep track of you. Out of the eight brands that were tested, Apple's Watch was the only device that kept your privacy, while all the others emitted a unique signal which could be tracked and monitored via Bluetooth. The list of wearables with privacy issues includes names like Fitbit Charge HR, Garmin Viosmart, Xiaomi Mi Band, Withings Pulse O2, Jawbone Pulse 2, Basis Peak and Mio Fuse. If you feel like you've been fooled, don't worry too much about it, most of these gadgets were also featured in my previous article: "Best fitness bands of 2015", so you weren't the only one.

The researchers found that the previous mentioned devices can be tracked via Bluetooth even when they're not communicating with their users' smartphones. It seems that many retail stores and shopping malls are already to use Bluetooth tracking technology to recognize and profile their customers. Furthermore, the mobile apps that pair up with devices aren't that secure either making information such as login credentials or the gathered fitness data easy to intercept and tamper with using man-in-the-middle attacks. (Basis Peak's and Apple Watch's apps where the only exceptions to this). Since many health insurance companies have already started basing their fees on the data from fitness trackers and even courts accepted the information taken from these devices as proof, the fact that it can be so easily tampered with is actually a big problem.

In case you were wondering why Apple's Watch cannot be tracked via Bluetooth, the researchers said that the device uses a Bluetooth LTE feature which allows it to constantly change the MAC address. The reason Apple and Intel had the only two apps that couldn't be tempered with is that they both use a certificate pinning technology which can't (or is much harder to) be fooled by potential attackers.

Hopefully, these security problems will be solved, and we won't have similar issues with the wearables that will hit the market this year.