According to Juniper Research, 19 million fitness bracelets were sold in 2014. Source: Alamy / Legion Media
Roman Unuchek, an expert on mobile threats from the Kaspersky Lab, has been able to break into dozens of fitness bracelets while testing their security. He spoke about his research and the possible consequences for users of the devices on his blog.
A special application for mobile devices that employs Bluetooth LE technology is used for accessing wearables. The Bluetooth LE differs from regular Bluetooth in that it does not have a password. Most bracelets do not have a screen or buttons that could be used to insert a password, a loophole that hackers can take advantage of. Unuchek points out that it is even possible to connect to a bracelet that is already synchronized to the owner's smartphone.
After he understood the technology of device identification better, Unuchek created a program that automatically scanned the nearby area and connected to smart bracelets.
The author of the study presents some interesting statistics. In two hours in the Moscow metro he was able to connect to 19 devices: 11 FitBit and eight Jawbone ones. In the course of an hour in a fitness club in the city of Bellevue, a suburb of Seattle in the U.S. he latched onto 25 devices: 20 Fitbit, one Nike, one Jawbone, one Microsoft, one Polar and one Quans. In two hours Unuchek connected to 10 fitness trackers (three Jawbones and seven Fitbit) in Cancun, Mexico during a conference.
It is important to note that the security expert was not able to get user information on all occasions, such as those related to the number of a user's steps or the phases of their sleep. However, Unuchek obtained access to the management of the bracelets' functions.
Unuchek gives two examples of the dangerous consequences of unsanctioned access to smart bracelets. In the first the intruder can force the smart device to constantly vibrate and then demand money to turn it off, a potential cyber crime.
Also, if a bracelet with a pulse sensor is broken into, the owner of a shop can follow the frequency of the customer's pulse while the latter is looking at the discounts in the shop, says Unuchek. Such a method can be used to find out people's reactions to advertising. Furthermore, a bracelet with a pulse sensor that has been hacked into can be used as a lie detector.
With the appearance of new sensors and software renewals in fitness trackers, hackers may also have other new opportunities, warns Unuchek.
According to Juniper Research, 19 million fitness bracelets were sold in 2014. The company estimates that the number will increase to 60 million by 2018.
In April 2015 Apple will begin selling its smart watches, which will follow users' heartbeats, among other functions.
In an interview Leonid Shebarshin, a former head of the First Chief Directorate of the KGB said, “Our good fortune will only be made known after we suffer a major defeat. Our real success will be made known no earlier than 50 years down the line.” Successful spy operations are already a thing of the past, with modern-day intelligence seeming to consist of a series of failures.
All rights reserved by Rossiyskaya Gazeta.