
February 8, 2016

By AppleInsider Staff
Monday, February 08, 2016, 07:22 am PT (10:22 am ET)

When it comes to the privacy and security of user data, the Apple Watch and its accompanying software ecosystem are the most well-designed products in the wearable marketplace, a new study shows.
Bluetooth privacy protections — or lack thereof — were central to the study’s findings. Of the eight devices tested, Apple’s wearable was the only one that regularly altered the MAC address broadcast by its Bluetooth radio.

Randomization of the MAC address on Bluetooth Low Energy products is accomplished by a BLE feature known as “LE Privacy.” This is important, because unpaired Bluetooth products are designed to send “advertising” packets at regular intervals for discovery — that’s how your iPhone knows that there’s a nearby Apple Watch available for pairing.

Without this feature, researchers at Canadian privacy non-profit Open Effect and the University of Toronto note that it’s relatively trivial to track the movements of individual users when their fitness bands are not actively paired with a device.
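As an added illustration (not code from the study or from AppleInsider), the sketch below shows how an auditor could check a device they own for LE Privacy: it classifies each advertised address by the two most significant bits that the Bluetooth specification uses for random addresses, then reports whether the address changed during the capture. The capture rows, device labels and the one-hour window are constructed assumptions, with labels assigned by the auditor while testing one device at a time.

```python
from collections import defaultdict

PRIVATE = {"resolvable-private", "non-resolvable-private"}

def classify_address(addr, is_random):
    """Return the BLE address type for an advertiser address string."""
    if not is_random:  # TxAdd bit clear in the advertising PDU header
        return "public"
    top_bits = int(addr.split(":")[0], 16) >> 6  # two most significant bits
    return {0b11: "static-random", 0b01: "resolvable-private",
            0b00: "non-resolvable-private"}.get(top_bits, "reserved")

def audit(observations, min_window_s=3600):
    """Per device label, decide whether its advertised address rotates."""
    seen = defaultdict(list)
    for ts, label, addr, is_random in observations:
        seen[label].append((ts, addr.upper(), classify_address(addr, is_random)))
    report = {}
    for label, rows in seen.items():
        times = [ts for ts, _, _ in rows]
        addrs = {a for _, a, _ in rows}
        kinds = {k for _, _, k in rows}
        if not kinds <= PRIVATE:
            verdict = "trackable"     # public or static address: stable identifier
        elif len(addrs) > 1:
            verdict = "rotating"      # private addresses that actually changed
        elif max(times) - min(times) < min_window_s:
            verdict = "inconclusive"  # capture too short to judge rotation
        else:
            verdict = "trackable"     # private type, but never changed
        report[label] = {"verdict": verdict, "addresses": len(addrs),
                         "types": sorted(kinds)}
    return report

# Constructed capture: (seconds, auditor-assigned label, address, random flag)
SAMPLE = [
    (0, "band-A", "C4:11:22:33:44:55", True),
    (3600, "band-A", "C4:11:22:33:44:55", True),
    (0, "watch-B", "5A:10:20:30:40:50", True),
    (1800, "watch-B", "6B:9F:01:02:03:04", True),
    (3600, "watch-B", "47:AA:BB:CC:DD:EE", True),
    (0, "band-C", "00:1A:7D:DA:71:13", False),
    (0, "band-D", "7C:01:02:03:04:05", True),
]

if __name__ == "__main__":
    for label, result in audit(SAMPLE).items():
        print(label, result)
```
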
Contacted by the researchers about the fault, Fitbit noted that compatibility issues within the “fragmented Android ecosystem” prevent them from adding LE Privacy, despite hardware support in their products. Through corporate parent Intel, Basis noted that using the Peak while not paired to a smartphone was an edge case and did not commit to a fix.

None of the other companies in the test — Garmin, Jawbone, Mio, Withings, or Xiaomi — came back with “notable responses.”

In addition to the Bluetooth issues, several companion software packages were found to be insecure. The researchers were variously able to intercept and read fitness data or write false data to disk.

The Garmin Connect app does not use HTTPS for connections, allowing a man-in-the-middle attack to read and write data. A similar attack was possible against Withings’s Health Mate app on Android, while Jawbone’s Up could allow users to send arbitrary fitness data to the cloud, an issue with potentially severe consequences:

“These findings concerning fitness tracker data integrity could call into question several real-world uses of fitness data,” the researchers wrote. “Fitness tracking data has been introduced as evidence in court cases…meaning that at least some attorneys are relying upon generated fitness data as a possibly objective indicator of a person’s activities at a given point in time. For Jawbone and Withings we created fraudulent fitness data which indicated that a passive measuring device, the fitness device, recorded a person taking steps at a specific time when no such steps occurred.”
