A Cybersecurity Guide for Using Fitness Devices

TL;DR

This paper reviews cybersecurity risks associated with fitness devices and offers practical guidelines for users to mitigate potential threats, emphasizing the importance of user awareness and security practices.

Contribution

It provides a comprehensive set of cybersecurity guidelines tailored for fitness device users, addressing a gap in existing manufacturer-focused security advice.

Findings

Fitness devices collect sensitive personal data.

Wireless vulnerabilities can lead to data breaches.

User-focused security measures can reduce risks.

Abstract

The popularity of wearable devices is growing exponentially, with consumers using these for a variety of services. Fitness devices are currently offering new services such as shopping or buying train tickets using contactless payment. In addition, fitness devices are collecting a number of personal information such as body temperature, pulse rate, food habits and body weight, steps-distance travelled, calories burned and sleep stage. Although these devices can offer convenience to consumers, more and more reports are warning of the cybersecurity risks of such devices, and the possibilities for such devices to be hacked and used as springboards to other systems. Due to their wireless transmissions, these devices can potentially be vulnerable to a malicious attack allowing the data collected to be exposed. The vulnerabilities of these devices stem from lack of authentication, disadvantages of Bluetooth connections, location tracking as well as third party vulnerabilities. Guidelines do exist for securing such devices, but most of such guidance is directed towards device manufacturers or IoT providers, while consumers are often unaware of potential risks. The aim of this paper is to provide cybersecurity guidelines for users in order to take measures to avoid risks when using fitness devices.