LONDON, Sept. 14 (Xinhua) -- Vulnerabilities in wearable fitness trackers could threaten the privacy and security of the data they record, and manufacturers need to improve these products to better protect users' personal data, according to a study published Thursday by the University of Edinburgh.
These wearable devices, which can track heart rate, steps taken and calories burned, are getting more and more popular among consumers around the world.
But exploiting security weak spots in the communication procedures of some gadgets could allow unauthorized sharing of personal data with third parties, including online retailers and marketing agencies, according to the study. It was carried out by researchers from The University of Edinburgh and their colleagues in Germany and Italy.
An Edinburgh team carried out an in-depth security analysis of two popular models of wearable fitness trackers made by Fitbit.
They discovered a way of intercepting messages transmitted between fitness trackers and cloud servers, where data is sent for analysis. This allowed them to access personal information and create false activity records.
The team even demonstrated how the system that keeps data on the devices secure -- called end-to-end encryption -- can be circumvented. By dismantling devices and modifying information stored in their memory, researchers bypassed the encryption system and gained access to stored data.
In response to the findings, Fitbit has developed software patches to improve the privacy and security of its devices, according to the team.
Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development, said Dr. Paul Patras, from The University of Edinburgh.
"We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services," Patras also said.
To help manufacturers remove similar weaknesses from future system designs, the team has produced specific guidelines.
