The latest health fad is to have your fitness results sent to the cloud for analysis and comparison with others. But how secure is that data?
Researchers at Florida International University in Miami, Florida, have discovered exploitable vulnerabilities in the Fitbit health monitoring system that could allow malicious hackers to hijack Fitbit users’ accounts, access or even manipulate their personal health data to earn prizes and monetary rewards, according to Security Ledger.
The findings in the report Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device can also be applied to other health monitoring devices.
Their conclusion? Fitbit needs encrypted communications protocols. The resaerchers designed their own and report that a version designed to run on Android would add only 2 percent overhead over the current webserver load on the backend. This seems a reasonable balance of convenience vs security.