Abstract
The popularity of wearable devices is growing exponentially, with consumers using these for a variety of services. Fitness devices are currently offering new services such as shop** or buying train tickets using contactless payment. In addition, fitness devices are collecting a number of personal information such as body temperature, pulse rate, food habits and body weight, steps-distance travelled, calories burned and sleep stage. Although these devices can offer convenience to consumers, more and more reports are warning of the cybersecurity risks of such devices, and the possibilities for such devices to be hacked and used as springboards to other systems. Due to their wireless transmissions, these devices can potentially be vulnerable to a malicious attack allowing the data collected to be exposed. The vulnerabilities of these devices stem from lack of authentication, disadvantages of Bluetooth connections, location tracking as well as third party vulnerabilities. Guidelines do exist for securing such devices, but most of such guidance is directed towards device manufacturers or IoT providers, while consumers are often unaware of potential risks. The aim of this paper is to provide cybersecurity guidelines for users in order to take measures to avoid risks when using fitness devices.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Radanliev, P., De Roure, D.C., Maple, C., Nurse, J.R., Nicolescu, R., Ani, U.: Cyber Risk in IoT Systems. Preprints. (2019)
Europol: Internet Organised Crime Threat Assessment (IOCTA). https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2019 (2019). Accessed 15 Jan 2020
Cilliers, L.: Wearable devices in healthcare: privacy and information security issues. Health Inf. Manage. J. 49(2–3), 150–156 (2020)
Poongodi, T., Krishnamurthi, R., Indrakumari, R., Suresh, P., Balusamy, B.: Wearable devices and IoT. In: Balas, V.E., Solanki, V.K., Kumar, R., Ahad, M., Rahman, A. (eds.) A Handbook of Internet of Things in Biomedical and Cyber Physical System, pp. 245–273. Springer International Publishing, Cham (2020)
Fitbit: Fitbit Pay. https://www.fitbit.com/global/be/technology/fitbit-pay. Accessed 15 Jan 2020
Pocket-lint: What is Fitbit Pay, how does it work, and which banks support it? https://www.pocket-lint.com/fitness-trackers/news/fitbit/142115-what-is-fitbit-pay-how-does-it-work-and-which-banks-support-it. Accessed 15 Jan 2020
Department of Culture Media and Sport: Code of Practice for consumer IoT security. https://www.gov.uk/government/publications/code-of-practice-for-consumer-iot-security/code-of-practice-for-consumer-iot-security. Accessed 15 Jan 2020
Farnell, G., Barkley, J.: The effect of a wearable physical activity monitor (Fitbit One) on physical activity behaviour in women: a pilot study. J. Hum. Sport Exerc. 12(4), 1230–1237 (2017)
Blow, F., Yen-Hung (Frank), H., Hoppa, M.A.: A study on vulnerabilities and threats to wearable devices. J. Colloquium Inf. Syst. Secur. Educ. 7(1) (2020)
Kolamunna, H., Jagmohan, C., Hu, Y., Thilakarathna, K., Perino, D., Makaroff, D., Seneviratne, A.: Are wearables ready for secure and direct Internet communication? GetMobile Mobile Comput. Commun. 21, 5–10 (2017)
Zhang, C., Shahriar, H., Riad, A.B.M.K.: Security and privacy analysis of wearable health device. In: IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), Madrid, Spain, pp. 1767–1772 (2020)
Hackernoon: Million Fitbit accounts were exposed by cybercriminals. https://hackernoon.com/2-million-fitbit-accounts-was-exposed-by-cybercriminals-aa7u36pj. Accessed 15 Jan 2020
Stuhr, S.A.: Wearable devices and their impact on the security of personal information. Available from ProQuest Dissertations & Theses A&I. (2447022760). https://ezp.lib.cam.ac.uk/login?url=https://www.proquest.com/dissertations-theses/wearable-devices-their-impact-on-security/docview/2447022760/se-2?accountid=9851. Accessed 15 Jan 2020
Helpnetsecurity: Fitbit trackers can easily be infected with malware, and spread it on. https://www.helpnetsecurity.com/2015/10/22/fitbit-trackers-can-easily-be-infected-with-malware-and-spread-it-on/. Accessed 15 Jan 2020
Bay Computing: New Malware can infect your FitBit and spread to your computer. https://baymcp.com/new-malware-can-infect-your-fitbit-and-spread-to-your-computer/#:~:text=Infecting%20a%20Fitbit%20via%20Bluetooth,or%20any%20other%20public %20area. Accessed 15 Jan 2020
Ching, K., Mahinderjit Singh, M.: Wearable technology devices security and privacy vulnerability analysis. Int. J. Netw. Secur. Appl. 8, 19–30 (2016)
Britt Cyr, W.H.: Retrieved from Security Analysis of Wearable Fitness Devices (Fitbit). https://www.semanticscholar.org/paper/Security-Analysis-of-Wearable-Fitness-Devices-(-)-Cyr-Horn/f4abebef4e39791f358618294cd8d040d7024399. Accessed 15 Jan 2020
Lambert, L., Wiere, S.: Digit recognition from wrist movements and security concerns with smart wrist wearable IOT devices. In: Proceedings of the 53rd Hawaii International Conference on System Sciences, Hawaii International Conference on System Sciences (2020)
Gizmodo: Hackers can wirelessly upload malware to a Fitbit in 10 seconds. https://gizmodo.com/hackers-can-wirelessly-upload-malware-to-a-fitbit-in-10-1737880606. Accessed 15 Jan 2020
Zanella, G., Guda, T.: Managing the gap between disruptive innovation and people’s perceptions: the case of wearable devices. Int. J. Technol. Intell. Plan. 12, 4 (2020)
Zeng, E., Roesner, F.: Understanding and improving security and privacy in multi-user smart homes: a design exploration and in-home user study. In: 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 159–176 (2019)
Anaya, L.S., Alsadoon, A., Costadopoulos, N., et al.: Ethical implications of user perceptions of wearable devices. Sci. Eng. Ethics. 24(1), 1–28 (2018)
Ogundele, O., Isabirye, N., Cilliers, L.: A model to provide health services to hypertensive patients through the use of mobile health technology. In: Conference Proceedings of African Conference of Information and Communication Technology, Cape Town, South Africa, 10–11 July (2018)
Piwek, L., Ellis, D.A., Andrews, S., Joinson, A.: The rise of consumer health wearables: promises and barriers. PLoS Med. 13(2) (2016)
Security Intelligence: Wearable IoT ransomware: locking down your life? https://securityintelligence.com/news/wearable-iot-ransomware-locking-down-your-life/. Accessed 15 Jan 2020
World Economic Forum: 3 ways AI will change the nature of cyber-attacks. https://www.weforum.org/agenda/2019/06/ai-is-powering-a-new-generation-of-cyberattack-its-also-our-best-defence/. Accessed 15 Jan 2020
Dutton, W.H.: Fostering a cyber security mindset. Internet Policy Rev. 6(1) (2017)
Bada, M.: IoTs and the need for digital norms—a global or regional issue? GigaNet Annual Symposium, 2019 November 25, Berlin. https://www.giga-net.org/2019symposiumPapers/27_Bada_IoTs-and-the-need-for-digital-norms.pdf (2019). Accessed 15 Jan 2020
Centre for Economic Policy Research: Google/Fitbit will monetise health data and harm consumers. https://euagenda.eu/upload/publications/policyinsight107.pdf.pdf. Accessed 15 Jan 2020
Alladi, T., Chamola, V., Sikdar, B., Choo, K.R.: Consumer IoT: security vulnerability case studies and solutions. IEEE Cons. Electron. Mag. 9(2), 17–25 (2020)
Hilts, A., Parsons, C., Knockel, J.: Every step you fake: a comparative analysis of fitness tracker privacy and security. Technical Report, for public dissemination. Munk School of Global Affairs, University of Toronto: Open Effect/Citizen Lab, (2016). Accessed 15 Jan 2020
Bourgeois, J., Kortuem, G.: Towards responsible design with Internet of Things data. In: Proceedings of the Design Society: International Conference on Engineering Design, vol. 1(1), pp. 3421–3330 (2019)
Blythe, J.M., Sombatruang, N., Johnson, S.D.: What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages? J. Cybersecur. 5(1) (2019)
European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). I. 119. https://tinyurl.com/h9qbbur eur-lex.europa.eu. Accessed 15 Jan 2020
Bada, M., Sasse, A.M., Nurse, J.R.C.: Cyber security awareness campaigns: why do they fail to change behaviour? In: International Conference on Cyber Security for Sustainable Society, CSSS, 2015, pp. 118–131 (2015)
Mannilthodi, N., Kannimoola, J.M.: Secure IoT: an improbable reality. In: IoTBDS, pp. 338–343 (2017)
De Zan T.: Mind the gap: the cyber security skills shortage and public policy interventions. https://gcsec.org/wp-content/uploads/2019/02/cyber-ebook-definitivo.pdf. Accessed 15 Jan 2020
Houses of Parliament, Cyber Security of Consumer Devices. Number 593 February (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Bada, M., von Solms, B. (2023). A Cybersecurity Guide for Using Fitness Devices. In: Nayyar, A., Paul, A., Tanwar, S. (eds) The Fifth International Conference on Safety and Security with IoT . EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-030-94285-4_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-94285-4_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-94284-7
Online ISBN: 978-3-030-94285-4
eBook Packages: EngineeringEngineering (R0)