Recently, Symantec Security Response experts conducted an in-depth study of wearable health tracking devices and apps and found multiple vulnerabilities in these devices that hackers could exploit to gain access to your personal information.
It used to be that your health was information shared between you and your doctor only, but the latest in mobile technology is changing that. The recent boom of fitness and health tracking devices, such as wristbands, heart monitors, and other “wearables” and their accompanying apps, allows many of us to keep better track of our health and physical fitness goals, and even share them with peers. However, because these devices track very personal health data and transmit it via Bluetooth LE or wireless Internet, the information they hold is vulnerable to cybercriminal activity.
The Market For Discreet Data
Why would someone else want your personal health information? While attacks on these devices are not yet widespread, our experts believe that hackers could sell personal fitness data to companies, or use it as a blackmail tactic to extort users. The study also found that non-Internet connected fitness devices could be traced, which could reveal the whereabouts of the user at any given time.
Most of these devices also connect to mobile apps. The security of these apps is often weak, and many implement poor session management, which lets attackers figure out the user space and pick out personal data that users are tracking, including email addresses and photos. In addition, 20% of apps transmit user login credentials in clear text (not encrypted), which puts users at greater risk of having their accounts compromised. These fitness and health tracking apps also connect to a large number of domains, which could mean that they are sharing information with multiple advertising networks and research analytics firms for marketing, app performance/testing, and user behavior research purposes. Many of these apps lack a privacy policy, which makes it unclear how personal data will be used once it’s tracked.
Tips To Keep Your Identity Safe With Mobile Apps and Wearables
So, how do you keep your tracked data safe from the kinds of vulnerabilities that our researchers found? They provided some tips to help keep your information private and secure:
- In order to thwart location stalkers when you’re using a wearable device, make sure that you do not include any personally identifiable information, such as your own name. Think of an alias that motivates you. “HalfTigerHalfUnicorn” is a lot more fun than “Sue Smith” anyway, right?
- Mitigate the risk of your password being compromised by choosing a complex password that is unique to this service. Check out our Password Generator if you’re stuck.
- Always check the privacy policy of the apps you download to make sure that you know how your data is being used. Information is key!
- While using a mobile phone or tablet, be sure to download Norton Mobile Security to secure your device against mobile threats, and detect apps that share your data with third parties.
For more information on this latest study, please visit the Symantec Security Response blog on Symantec Connect.