Security bug found in fitness wristband

Fitness trackers of all kinds have become extremely popular, helping people to manage their physical activity and calorie intake and stay in shape. However, such devices also process important personal data about their owners, and it is important to keep that data secure.

Fitness wristbands

Kaspersky Lab researcher, Roman Unuchek, has examined how a number of fitness wristbands interact with a smartphone and discovered some surprising results.

According to Unuchek’s research findings, the authentication method implemented in several popular smart wristbands allows a third-party to connect invisibly to the device, execute commands, and – in some cases – extract data held on the device.

In the devices investigated by Unuchek, such data was limited to the number of steps taken by the owner during the previous hour.

However, in the future, when next-generation fitness bands capable of collecting a greater volume of more varied data appear on the market, the risk of sensitive medical data about the owner leaking out could rise significantly.

The rogue connection is made possible because of the way in which the wristband is paired with a smartphone.

According to the research, an Android-based device running Android 4.3 or higher, with a special unauthorised app installed, can pair with wristbands from certain vendors.

To establish a connection, users need to confirm the pairing by pressing a button on their wristband. Attackers can easily overcome this, because most modern fitness wristbands have no screen.

When the wristband vibrates, asking its owner to confirm the pairing, the victim has no way of knowing whether they are confirming a connection with their own device or an intruding connection.

Unuchek adds that: “Of course, there are more harmful actions that are more likely. For example, by using a Trojan-Ransom the fraudster could take control of your wristband, make it vibrate constantly and demand money to make it stop.”

“This Proof of Concept depends on a lot of conditions for it to work properly, and in the end an attacker wouldn’t be able to collect really critical data like passwords or credit card numbers. However it proves that there is a way for an attacker to exploit mistakes left unpatched by the device developers.”

Unuchek further states that: “The fitness trackers currently available are still fairly basic, capable of counting steps and following sleep cycles, but little more than that. However the second generation of such devices is almost here, and they will be able to gather much more information about users. It is important to think about the security of these devices now, and ensure that there is proper protection for how the tracker interacts with the smartphone.”

Unuchek advises users of smart wristbands who are concerned about security to check with the wristband’s vendors whether such a potential attack vector would be possible on their product.

Source: itnewsafrica
