Fitness Monitors Rife With Security Issues, Tests Find
Security testing service AV-Test analyzed nine fitness monitors and found numerous security weaknesses.Fitness monitors popular with consumers are at risk of leaking data and allowing attackers to modify information on the devices, according to a study released on June 23 by German security testing firm AV-Test. The testing firm did not attempt to hack the devices, but instead eavesdropped on their communications and looked for security weaknesses. The researchers also evaluated the security and data-protection capabilities of the applications used to manage the devices. The study found that the devices had up to nine security issues, out of the 11 issues, for which the company tested. Most of the devices did not allow Bluetooth to be disconnected on the wristband and some applications associated with the fitness devices exposed log information. All of the applications did encrypt communications, however. "We all know that criminals will find a way to gain financial profit from these security problems sooner or later—they are more creative than we are," Maik Morgenstern, chief technology officer for AV-Test, said in an email interview with eWEEK. "That is why, at least the basics of security—encryption and proper authentication, secure updates, secure storage and communication—should be enforced for all devices that are connected to the Internet."
As consumer devices become increasingly connected into what is known as the Internet of Things, they have become a focal point of security research. Starting with smart phones, researchers have found security vulnerabilities that could allow eavesdropping and hacking. Home automation, automobile computer systems and industrial-control systems are now all under scrutiny.