Hackers target fitness devices: how to stay safe?

Hackers target fitness devices: how to stay safe?

Experts offer advice on how to safeguard your fitness trackers.

According to a recent study conducted by the virtual private network provider NordVPN, one in four people (24.6%) own some type of health or well-being equipment, such as a smartwatch or fitness tracker. However, these devices may track much more than your fitness activities, and 25% do not protect them, posing a severe threat to people's privacy.

Among the data acquired by fitness wearables and the mobile apps that connect to them are fundamental activities such as steps, heart rate, sleep and wake-up times, as well as calories consumed, weight, and even jogging routes, all of which are of tremendous interest to stalkers or attackers. Strava, for example, collects 41.18% of customers' personal data, while MyFitnessPal collects 35.29%.

“Health information is without a doubt some of the most private and sensitive data we possess. However, we enable our wearable fitness trackers to record and store this data in mobile apps without fully understanding the security risks,” says Daniel Markuson, a NordVPN digital privacy specialist.

Fitness applications are a prominent target for cybercriminals.

Numerous gadgets, wellness devices, and their accompanying apps all have security flaws that could allow hackers to access your information. Even if someone does not get control of your device, they can "sniff" the Bluetooth signal sent back to your smartphone in order to guess your passcode. Once a hacker obtains your pin, it is trivial for them to obtain access to all of your health information.

According to Have I Been Pwned?, MyFitnessPal, a diet and activity tracking website, had a data breach in 2018. 144 million unique email addresses, as well as usernames, IP addresses, and passwords, were exposed in the attack. The following year, this data was advertised for sale on the dark web. The same year, another health and fitness service business — 8fit — experienced a data breach involving 15 million unique email addresses, which were eventually sold on the dark web as well.

“Many users pair their fitness devices with an external app in order to track, share, and analyse their activity. However, this is the point at which people are most willing to give away their sensitive information. Many users publish their fitness accomplishments on social media or through the app's public forum," Daniel Markuson, a NordVPN digital privacy specialist, adds.

How to ensure the security of your fitness data

  • Due to the fact that the majority of fitness trackers lack the necessary security features, Daniel Markuson offers some tips on how to make your workouts less stressful and more secure:
  • Take time to read the user agreement. Take some time to read the user agreement and privacy statement for any fitness device before making a purchase. Ascertain that the business respects your privacy and takes reasonable precautions to safeguard it.
  • Make your internet identity anonymous. If your fitness apps are ever stolen, you can use a VPN to restrict the amount of potentially exposed personal information. It establishes an encrypted tunnel for your data and conceals your IP address, so protecting your online identity.
  • Limit the amount of data collected. Frequently, programmes and gadgets acquire data that is not required for them to function. Allow them to collect and store only the data necessary to provide you with the service for which you signed up.

Delete data from the app/device on a regular basis. Numerous fitness trackers provide you with the ability to examine and erase the data they collect about you. Verify that erased data is also wiped from the company's servers by consulting the privacy policy.