Snoops might be able to track your movements using the Bluetooth signal from your fitness tracker, according to a new report.
The research group Open Effect studied eight popular fitness wearables: the Apple Watch, the Basis Peak, the Fitbit Charge HR, the Garmin Vivosmart, the Jawbone UP 2, the Mio Fuse, the Withings Pulse O2, and the Xiaomi Mi Band.
Only the Apple Watch passed a simple security test.
When you walk around with a wearable device like a smartwatch, it emits a Bluetooth signal. It uses that signal to constantly chat with your smartphone, passing information back and forth. Usually, that data is encrypted so hackers can't listen in. But even if they can't understand the conversation between your phone and wearable, snoops can recognize the MAC address – or unique voice with which the device speaks. With that information, they can track you as you move from place to place.
A secure wearable would change its MAC address periodically to confuse snoops. The Basis Peak, the Fitbit Charge HR, the Garmin Vivosmart, the Jawbone UP 2, the Mio Fuse, the Withings Pulse O2, and the Xiaomi Mi Band failed to do that.
Open Effect's researchers suggest lots of different people, from shopping center employees to law enforcement personnel, could use that data to learn details about your movements that you'd probably prefer stay private.
Even more alarming for some users, the researchers found that Withings and Garmin fail to encrypt their data, allowing hackers to listen in.
The researchers also found they could insert fake information into the Jawbone and Withings device feeds, which might enable users to falsify medical data promised to health insurance companies.
We've reached out to the implicated wearable brands for comment, and will update if we hear back.
Check out Open Effect's full report here.
