2014 was called the “Year of the Wearable” by many technology publications and was followed by an explosion of new wearable products, competing electronic companies, and fresh new tech startups. Wearable technology that was once only available to businesses, military and medical professionals also became available to the private consumer, featuring items such as smart glasses, smart watches, “hearables,” fitness and health trackers, and even smart jewelry.
By 2018, the global wearables market is expected to reach a value of 19 billion U.S. dollars, more than 10 times its value 5 years prior. In 2015, the biggest sellers like Fitbit and Apple were selling around 4.4 million and 3.6 million devices a quarter respectively and a projected 84 million devices in total were sold in 2015. In 2019 as many as 245 million wearable devices will be sold, according to CCS Insight’s latest wearable tech report, Wearables Forecast Worldwide, 2015 – 2019.
The use and popularity of wearables continues to rise, and while they are meant to make life easier, they may also be putting individual’s security at risk.
You’re not the only one tracking
Some of the more popular sports wearables are letting other people track you, according to a report on fitness-tracking devices from eight manufacturers, along with their companion mobile apps. The revealing devices included Basis Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone Up 2, Mio Fuse, Withings Pulse O2 and Xiaomi Mi Band, all of which make it possible for their wearers to be tracked using Bluetooth even when the device is not paired with or connected to a smartphone. Only the Apple device used a feature of the Bluetooth LE standard to generate changing MAC addresses to prevent tracking.
While the devices themselves gave up their owners’ whereabouts, the accompanying apps leaked a greater amount of personal information. These apps are typically used to gather data from the fitness-tracking device and upload it to a central server, where users can analyze their performance and perhaps compare it with that of other device wearers. Many of them were found to be leaking login credentials, transmitting activity-tracking information in a way that allowed interception or tampering, or allowing users to submit fake activity tracking information.
Garmin’s app relies on HTTPS at signup and login, but all other is data wide open. Users of the Jawbone and Withings apps can easily forge fitness data. That ability could lead to people hiding medical problems and injuries or misrepresenting their health to third-party observers
Again, Apple’s wearable app offered more protection than its counterparts. The Apple Watch is the only true smartwatch among the eight devices tested, as the rest are simpler activity trackers that don’t offer the third-party app compatibility. Smartwatches are slowly overtaking fitness trackers as the wearables of choice for many consumers. For those of you who prefer Android over Apple, Android Wear was not included in this research.
The authors of the research have not yet provided conclusions or recommendations for better security with these devices, but the need to improve wearable security is apparent. Makers of fitness trackers must be doing more to protect owners’ data through Bluetooth connections and companion apps.