With people becoming more conscious about their health, fitness bands have become a popular product worldwide. Millions strap on their fitness bands every day to monitor different stats and compare them, turning it into a competition with themselves and with like-minded others. The information collected includes the number of steps taken, calories burned, heart rate and sleep patterns. It is transmitted wirelessly to a computer or smartphone. The question is: is this data secure?
Low security for low energy
Fitness bands come with some security concerns, and the same applies to other Bluetooth 4.0 VLE (Very Low Energy) and Internet of Things (IoT) devices.
A key exchange protocol was designed specifically for Bluetooth 4.0 VLE. It meets the goal of using less energy, but at the cost of lower security, which makes it much easier to compromise. Session encryption uses AES-CCM, a well-known and very secure protocol. However, because of the key exchange's limitations, brute-force attacks on the temporary key (TK) are rather simple, as the exchange is conducted in cleartext.
Using a Core i7 processor, all the possible combinations of a key pair can be processed within one second, meaning the hacker can literally crack the encryption in less than a second. Once the hacker holds the TK, the rest of the protocol follows: first the short-term key (STK) is negotiated, and then the long-term key (LTK). The attack has to start at an initial pairing, but it is just as easy to jam the session and force a new key exchange to begin.
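As an added illustration (not part of the original article), the model below shows why a strong session cipher cannot compensate for a small TK: an eavesdropper who sees the cleartext pairing values can test every TK offline. Assumptions: SHA-256 stands in for the AES-based confirm and key-derivation functions of the real protocol, the TK is a six-digit passkey (0 to 999999), and all function names and sample values are hypothetical.

```python
import hashlib
import os

TK_SPACE = 10**6  # assumption: six-digit passkey TK (0 when no passkey is entered)


def confirm(tk: int, rand: bytes, pairing_info: bytes) -> bytes:
    """Stand-in for the pairing confirm value: commits to TK and a nonce."""
    data = tk.to_bytes(16, "big") + rand + pairing_info
    return hashlib.sha256(data).digest()[:16]


def derive_stk(tk: int, srand: bytes, mrand: bytes) -> bytes:
    """Stand-in for STK derivation: inputs are TK plus two cleartext nonces."""
    data = b"stk" + tk.to_bytes(16, "big") + srand + mrand
    return hashlib.sha256(data).digest()[:16]


def recover_tk(observed_confirm: bytes, rand: bytes, pairing_info: bytes):
    """Offline search of the whole TK space against one observed confirm value."""
    for candidate in range(TK_SPACE):
        if confirm(candidate, rand, pairing_info) == observed_confirm:
            return candidate
    return None


def model_pairing(tk: int) -> bool:
    """Constructed pairing transcript; everything except tk is visible on air."""
    mrand, srand = os.urandom(16), os.urandom(16)
    pairing_info = b"constructed-pairing-request-and-response"
    observed = confirm(tk, mrand, pairing_info)

    guessed = recover_tk(observed, mrand, pairing_info)
    # With the TK known, the STK follows from values sent in cleartext,
    # and the LTK is then delivered under that STK.
    return guessed == tk and (
        derive_stk(guessed, srand, mrand) == derive_stk(tk, srand, mrand)
    )


if __name__ == "__main__":
    # Worst case: the last candidate in the search space.
    print("session key recoverable:", model_pairing(999_999))
```

The search never touches the session cipher itself, which is why the strength of AES-CCM does not help once the key exchange has been observed.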
Bluetooth 4.0 VLE has a range of up to 100ft, so the device being used does not have to be that close to your fitness band (or other 4.0 VLE device). For example, a jogger keeping pace 50ft behind you could be breaking into your data transfer and collecting the information from your fitness band as it is transferred to your phone.
Data treasure trove
Other than your age and name, the data can contain various pieces of information that are attached to your account. This includes the GPS information of your address, your daily route and your current location, which could cause personal safety issues. If you have linked your tracker to social media accounts, an attacker could obtain even more personal information and make it available to others.
This is information that has become valuable to companies that screen new business partners and hires. Things such as your diet and daily calorie intake, or regular exercise levels may be valuable to certain companies, such as life or health insurance companies that are looking to rewrite coverage policies or decrease profit losses.
Data now holds more value than ever when it comes to framing how the future of health care is conducted, among other industries. Companies that hold large data banks are being purchased for the potential knowledge in that data. Unstructured data is also becoming more valuable as technology advances and becomes able to analyze it. Health care data is currently extremely valuable on the Dark Web.
Are fitness bands best for security?
The question is, how do you go about protecting your private data and yourself?
The easiest way to protect yourself is simply to turn off the Bluetooth feature on your phone until you're back home or in a safe and trusted environment. The majority of fitness bands are able to store data for at least a day or more. Sync your band with your phone each day in a safe place. This will help keep the data from being collected by someone during an unprotected transfer.
The benefit of only using Bluetooth 4.0 VLE when needed is the improved battery life you may experience on your phone.