5 things to know about fitness trackers and security in 2018

Activity trackers, including dedicated fitness trackers and smartwatches, can expose enterprise networks if not properly managed and connected.

fitbit versa fitness
Michael Simon/IDG

Exactly how much of a security risk do activity trackers pose for enterprise IT? More than you might think: Hackers target fitness trackers and smart watches because they are often poorly secured and can expose passwords, reveal work habits of high-value employees, or serve as entry points to other systems.

At one end of the spectrum, there’s the AV-TEST Institute. The Germany-based research organization recently tested 12 fitness trackers and the Apple Watch Series 3 to see how secure (or not) they were. Eight of the 13 devices received the highest possible rating of three stars. However, AV-TEST evaluated the devices for personal security, not the risk to the enterprise.

Activity trackers—like all other devices that connect to the internet, an app, or some other technology—can’t be 100 percent secure, 100 percent of the time. The Strava incident from earlier this year illustrates how the data activity trackers generate and share could potentially be used for nefarious purposes.

Here are five things enterprise IT should know about activity trackers and security in 2018.

1. Fitness trackers are getting more secure, but some still risky

“Compared to earlier tests (that AV-TEST conducted), the manufacturers have taken the security of fitness data and the data protection of their customers significantly more seriously, which appears to make sense in light of the current data scandals.”

Thus concluded AV-TEST researchers from the organization’s most recent activity tracker security tests, announced in May 2018. In 2016, by comparison, AV-Test researchers concluded that tracker manufacturers “often don't pay sufficient attention to the aspect of security.”

For AV-Test’s 2018 study, each tracker was tested for the security of its external communications, local communications, connected app, and data protection. Based on the results of each test, devices received an overall score of one, two or three stars.  

Apple Watch Series 3 earned three stars, with good marks in each of the four test areas. This is noteworthy because Apple is currently the biggest wearable seller, according to Q1 2018 market data from IDC. As a result, enterprise IT folks will likely encounter a growing number of users in their organization wearing an Apple Watch.

Fitbit, which IDC says is now in third place worldwide among wearable device makers, received a similarly stellar score from AV-TEST for its Charge 2. Fitbit’s score is also worth noting because many workers wear Fitbits acquired through employer fitness programs, which are typically managed via the Fitbit Health Solutions platform.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)