An unnerving 35-page report published by Canadian nonprofit OpenEffect,
assisted by the Citizen Lab at the Munk School of Global Affairs, University of Toronto
, claims that leading fitness trackers and their corresponding mobile apps are veritable sieves of personal data, inviting security breaches. Where Hackermania Runs Wild
starts with lack of Bluetooth LE privacy, allowing tracking via Bluetooth even when the tracker isn’t paired to a smartphone. Then many of the companion apps leaked login credentials, transmitted activity tracking information in a way that allowed interception or tampering, or allowed users (or others) to insert false activity tracking information. The trackers studied were the Basis Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone Up 2, Mio Fuse, Withings Pulse O2 and Xiaomi Mi Band. Notably the Apple Watch 2.0 was secure. The full report is titled dramatically “Every Step you Fake: A Comparative Analysis of Fitness Tracker Privacy and Security”. Security
article, study in PDF
. Hat tip once again to Toni Bunting, former Northern Ireland Contributing Editor.