The study showed that the fitness devices -- which track heart rate, steps taken and calories burned -- are vulnerable to fraud as they give away access to personal information from cloud, where data is sent for analysis.
By dismantling the devices and modifying information stored in their memory, the researchers from Britain's University of Edinburgh bypassed the encryption system and gained access to stored data.
They demonstrated that such an access could allow unauthorised sharing of personal data with third parties such as online retailers and marketing agencies.
Importantly, it could also be targeted to create fake health records, which when sent to insurance companies the fraudsters could obtain cheaper cover from insurers that reward physical activity with lower premiums.
"Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development," said Paul Patras, Assistant Professor at the varsity.
The findings will be presented at the International Symposium on Research in Attacks (RAID) in Georgia, US.
In the study, the researchers also produced guidelines to help manufacturers remove similar weaknesses from future system designs to ensure users' personal data is kept private and secure.
(This story has not been edited by Social News XYZ staff and is auto-generated from a syndicated feed.)
Doraiah Chowdary Vundavally is a Software engineer at VTech . He is the news editor of SocialNews.XYZ and Freelance writer-contributes Telugu and English Columns on Films, Politics, and Gossips. He is the primary contributor for South Cinema Section of SocialNews.XYZ. His mission is to help to develop SocialNews.XYZ into a News website that has no bias or judgement towards any.
This website uses cookies.