Fitness Tracker Security: An Easy Workout for Hackers?
This article was updated on Sept. 5, 2018.
Wearable devices are coming to the workplace. Research firm eMarketer predicts that 59.5 million U.S. adults will use wearable tech by 2021. Many will be used both at home and the office. Fitness trackers, designed to measure things like heart rate, steps taken and sleep patterns, are the most popular type of wearables. As these devices appear in the workplace, a worrisome question arises: Is fitness tracker security capable of defending company networks?
On the surface, fitness trackers may not seem like much of a security concern. Their small size and limited network connectivity make them appear non-threatening and disconnected from the more critical functions of a company's system. But as security researchers recently discovered, popular trackers may be vulnerable to malware infections. Hackers must be close by and the size of malware is limited, but their tiny tendril of network connection to the larger corporate infrastructure may offer just the boost the malware needs to become a full-blown IT problem.
Is that scenario a long shot? Sure, but as proof of concept goes, it is pretty cut-and-dry: Fitness trackers are not inherently secure.
Fitness trackers, mobile devices, wireless sensors and "smart" appliances collectively make up the Internet of Things, a rising tide of monitoring technology. While this always-on network offers real benefits for companies looking to get a clear picture of their business end-to-end, device security is lagging behind innovation. This is unsurprising, because companies want to be first-to-market and security may often be considered an "afterthought" in those early stages.
And, as University of Edinburgh researchers found, is it not difficult to manipulate this technology.
"The researchers discovered a way of intercepting messages transmitted between fitness trackers and cloud servers — where data is sent for analysis," the university said in a public release. "This allowed them to access personal information and create false activity records."
Are fitness trackers a risk to your security? Absolutely. As with any Internet-connected device, security tends to land lower on the priority list; with functionality and usability sometimes trumping defense. One option is to outlaw the use of these devices in your office. However, just as clamping down on cloud applications leads to the rise of "shadow IT," trying to eliminate fitness trackers will likely result in surreptitious use. Solving the problem, therefore, requires company oversight, either in the form of local IT management using device-monitoring software or by leveraging a third-party service to keep tabs on these devices on the network.
Right now, hackers don't have to break a sweat if they want to crack fitness tracker security. Until security catches up with demand, small and middle-market companies are on the hook to secure these devices and keep their networks healthy.