No, fitness trackers are not 100% private. That might be a kick in the teeth to anyone who uses a fitness tracker, but it’s true.
Cybercriminals love wearables, and with good reason. For starters, around 1 in 5 kids in the US wears a fitness band or smartwatch. Most importantly, these gadgets are a goldmine of priceless personal information and health data. And lastly, most wearables have deplorable cybersecurity standards and rely on features like Bluetooth, which make them extremely vulnerable to security threats.
But worry not. You can still deter malicious actors from having a field day with your fitness tracker. Read on to find out how.
Do Fitness Trackers Put Your Privacy at Risk – Just How Secure Is Your Data?
Yes, fitness trackers can put your privacy at risk. That is especially true for wearables that rely on Bluetooth connection.
Most of the fitness trackers available today allow users to share data with their smartphones. How? Via Bluetooth, of course. Moreover, thanks to Bluetooth, smartwatch owners can synchronize their wearables with supported phones and receive smart notifications like incoming calls, texts, and emails. This feature also allows people to listen to music from their wrist using wireless headsets.
To cut a long story short, Bluetooth turns a simple wearable that should only be telling time and counting steps into a digital marvel. But there’s one small but significant problem: Bluetooth gives cybercriminals an ideal channel for exploitation.
True, people, smartwatches can be hacked. And not just the fitness trackers that adults use. According to experts, 5 out of 6 tracking bands worn by kids can allow malicious entities to track the young ones. Scary! If you have a kid who uses a kid’s smartwatch, be extra careful.
Now, back to fitness trackers. Bluetooth attack vectors that malicious actors prefer most when it comes to wearable gadgets include:
- Bluejacking: Through bluejacking, a hacker can exploit your Bluetooth connection and use it to send unauthorized messages to nearby Bluetooth-enabled devices. This problem is often the least damaging and nothing but an annoyance.
- Bluebugging: Unlike bluejacking, bluebugging is a serious issue. Why? With this hack, a malicious actor takes complete control of your device. Once a hacker is in control, they can create a hidden Bluetooth connection and use it to access sensitive information stored in your device.
- BlueBorne: This attack vector is quite similar to bluebugging. The only difference between the two is that with BlueBorne, a hacker penetrates your Bluetooth connection and uses it to steal data without necessarily pairing with the affected device.
What Kind of Data Do Fitness Trackers Collect
Here’s what your fitness devices usually store:
- The actual time you usually wake up
- How much you walk per day
- Your sleeping time at night
- Your weight
- Blood pressure
- The amount of calories you tend to consume every day
What if the Fitness Tracking Company is Hacked?
That data you’re beaming from your fitness tracker to the company’s servers might seem harmless enough. But what if those servers get hacked?
Suddenly, your step counts, heart rate, sleep patterns – your every movement – become prime loot for cyber thieves. And we’re not talking just one device’s data. Imagine the jackpot of accessing thousands of users’ information with one massive breach.
Hackers could sell this intimate data trove or hold it for ransom. And once it’s out of the company’s control, it could end up anywhere – from dark web auction blocks to public leaks.
You might shrug – what’s the big deal if my fitness stats get out there? Well, consider this: your health insurance provider could legally tap into that data to adjust your premiums if you’re less active than you claim. Or criminals could exploit personal details like your address for fraud or identity theft.
Think it’s unlikely or far-fetched? Hacks happen constantly these days. Even fitness giants like Under Armour have been breached, exposing users’ data. So if major players are vulnerable, lesser-known apps definitely are too.
Sure, sharing your fitness journey via technology is motivating. But it also means trusting companies to keep your data secure – a risky proposition in our hack-happy world. Maybe reconsider oversharing those fitness insights for your own privacy’s sake.
What Experts Think About Privacy and Fitness Trackers
Fitness trackers and smartwatches don’t come cheap, and with prices rising due to inflation, you may be tempted to choose a cheaper model to save some money. However, it’s important not to sacrifice security and privacy for the sake of cost savings.
Lesser-known brands might seem like a good deal feature- and price-wise. But should they suffer a data breach, they likely won’t have as much concern about reputational damage as a well-known company would.
According to cybersecurity expert Kevin Roundy, established players care about their reputations and will take steps to assist affected customers. So it’s worth paying extra for a trusted brand to ensure your personal data stays protected, even if a cheaper gadget seems compelling. Don’t compromise security to pinch pennies – in the world of fitness tech, you get what you pay for when it comes to safety and privacy.
In addition to the obvious risks of having sensitive personal data exposed in a breach, fitness trackers pose other privacy concerns to be aware of. For one, as stated, “fitness trackers generally connect to a user’s phone via Bluetooth, leaving personal data susceptible to hacking.” This connectivity creates a vulnerability that hackers can potentially exploit to access private information.
Furthermore, “the information that fitness trackers collect isn’t considered ‘health information’ under the federal HIPAA standard or state laws like California’s Confidentiality of Medical Information Act.” This legal gray area means the intimate data gathered by fitness devices could potentially be used in unexpected and undesired ways. As explained, this personal information “can potentially be shared with or sold to third parties such as data brokers or law enforcement.”
Tips To Ensure Fitness Tracker Privacy
If you regularly use a fitness tracker, the following hacks will help you boost your privacy and limit your exposure to cybercrime:
1. Disable Unauthorized Pairing
The worst mistake you can make is letting random, anonymous devices pair with your fitness tracker. Any wearable that allows unauthorized pairing is a cakewalk for cybercriminals. So, turn off this function. Popular brands like Samsung have an activation lock function that allows users to block unauthorized Bluetooth signals.
Moreover, try to keep Bluetooth off whenever you don’t need it.
2. Turn Off Location Tracking
Location tracking is important in fitness trackers. Most devices use this feature to map your routes and track performance. Unfortunately, if a malicious actor hacks your gadget, they can use this feature to pinpoint your location and track your movement. To be safer, deactivate it whenever you’re not exercising outdoors or exploring new routes and trails.
3. Set Up 2FA
Two-factor authentication is the key to protecting your devices from social engineering, password brute-force, and phishing attacks. With 2FA, you can deter hackers from gaining access to your gadgets and fitness accounts and stealing sensitive data. Most fitness brands support this security measure. For instance, if you use a Fitbit, you can turn on 2FA and protect your account from the Fitbit app.
4. Update Firmware Frequently
This may seem like a no-brainer, but most people ignore it. Outdated software is everywhere: 95% of websites use one or more outdated software products. Don’t make this mistake. If you don’t want to lose vital information to cybercriminals, pay attention to firmware updates.
According to Kaspersky, Fitbit collects information from its customers, strips it of personal identifiers, and shares it with third parties. By reading through a company’s policy, you can determine whether your information is at risk of ending up in the wrong hands.
How Do You Stop Fitbit from Sharing Data?
If you are among the 111 million+ registered Fitbit users, we have good news. You can stop your fitness tracker from sharing data. How? Just remove Fitbit’s access to any applicable service. Take Strava as an example.
Fitbit can collect diverse information from Strava, like heart rate, GPS data, and calories burned. If you don’t want that to happen, from your Fitbit dashboard, go to “Settings”, tap “Applications”, locate “Fitbit + Strava”, and select “Revoke Access”. You can do the same for other third-party services.
Also, you may use Health Connect installed on your phone to limit the data that your Fitbit account shares with third-party apps. To do that, open the app and click “App permissions”. Select Fitbit and toggle on or off data permissions according to your preferences.
Cybercriminals often target fitness trackers and steal sensitive personal information like your workout routes and health records. And if you use an advanced wearable with smart features, they can hack it and gain access to much more, including your banking information, phone numbers, and login credentials. That is why you must be careful when using a fitness tracker.
We’ve introduced you to several hacks you can use to protect yourself from malicious actors who target fitness trackers. Use them wisely. And not to put too fine a point on it, if your gadget has Bluetooth, turn off unauthorized pairing. Malicious actors can easily penetrate any unprotected Bluetooth connection and use it to do a good deal of harm.
Can fitness tracker data be hacked?
Yes, fitness trackers can be vulnerable to hacking, especially Bluetooth-enabled models. Hackers can potentially access the data on your device or fitness app account and use it maliciously. Data breaches are also a risk if the company storing your data is compromised.
Are fitness trackers secure?
Basic fitness trackers aimed at consumers often lack sophisticated encryption and security measures beyond Bluetooth device pairing. More advanced enterprise-level wearables may employ better security, but risks remain. No system is completely hack-proof.
How is my fitness data used by the company?
Read privacy policies carefully to learn how fitness companies use your data. They may analyze it for internal R&D, share aggregate data with partners, or even sell it to third parties like data brokers or advertisers in some cases. Consent and transparency vary.
Can I control how my fitness data is used?
Check your device and app settings for any available privacy controls. You can often restrict sharing with third parties, social media connections, or location tracking. But options are usually limited, so switching brands can be the only opt-out.
Should I be concerned about privacy with a fitness tracker?
Fitness trackers introduce meaningful privacy risks given the personal nature of the collected data and limited legal protections. Understand and assess your particular privacy priorities before using one.
What can I do to keep my fitness data more private?
Research brands thoroughly and read all policies before purchasing. Only share necessary data, limit third-party connections, and use device security features. Seek brands that prioritize privacy or even do not store data.