A new report has indicated that certain wearables and the apps needed to use them are posing a privacy risk.
Citizen Lab, in partnership with Open Effect have now released a report that has suggested that the mobile security being provided by several popular fitness trackers are actually vulnerable to potential tampering, surveillance and tracking over the long term.
These devices are quite commonplace and are used to allow a person to monitor his or her physical activity.
The report was the result of an examination of eight different fitness trackers and the mobile apps that are needed to use them. It was conducted by Citizen Lab from the University of Toronto, and the Open Effect not-for-profit research group. They looked into these applications and wearables to determine the level of mobile security and privacy they were able to provide. The trackers the researchers examined included: the Fitbit Charge HR, Jawbone Up 2, Garmin Vivosmart, Basis Peak, Mio Fuse, Xiaomi Mi Band, Withings Pulse O2 and even the Apple Watch.
The researchers looked at a range of different mobile security measures for every device they considered.
The factors included those pertaining to the collection and storage of data, as well as their transmission practices. What they determined was that every device, aside from the Apple Watch, persistently emitted uniqueIDs by way of their embedded Bluetooth radios. Those identifications could potentially expose the users of the wearables to location tracking over the long-term, even at times in which the device was not paired to a smartphone or tablet.
The report said the Apple Watch was the only one among the wearables that actually randomized its Bluetooth ID, causing it to be impossible to track that smartwatch over the long-term.
The authors of the report also pointed out that the Jawbone and Withings app was vulnerable to being exploited in order to crate fraudulent fitness records. The reason this poses a mobile security risk due to the chance that the data collected by personal fitness wearables could be used in court cases, health insurance programs and for other official reasons. Therefore, if that data has been falsified, it could create a highly undesirable risk for the users.
