Wearable fitness trackers are becoming increasingly popular, as users turn to these devices to help them monitor indicators of their health and physical activity. But as you strap on your device and head out for the day, one security experts suggests taking a few extra steps to increase the security of your personal data.
Fitness trackers including Fitbit and the Apple Watch are surging in popularity, and are proving to be popular gifts.
On Christmas Day, Fitbit's app was the most downloaded on Apple's app store, suggesting that the fitness trackers were a hot seller during the holiday season.
For those who aren't familiar with them, wearable fitness trackers are devices that can be attached to an individual, and will collect information about the user's physical activity levels.
Commonly collected data include total steps taken, total stairs climbed, total hours of sleep and total calories burned in a day.
This data is often uploaded to a user's personal account, typically registered with their personal email, where they can check their progress over time. Many wearables also allow users to connect with others, to compare and share their progress.
While these devices can help individuals keep track of their activity levels and stay motivated to reach their fitness goals, people should take steps to make sure this information is secure, says ESET Senior Security Researcher Stephen Cobb.
Cobb says that people who use fitness trackers should remember the kinds of often very personal information they're uploading to their accounts.
He pointed to a major security breach last year, when toy-maker VTech, which makes smart watches for children, discovered that the personal information from approximately five million customer accounts related to kids' profiles had been compromised.
"You might say, 'What does it matter if somebody gets my personal information?'" Cobb told CTVNews.ca. "There are two things to worry about, really: One, it's just not really nice if a stranger, potentially a criminal stranger, gets your personal information, and two, there may be attempts to use that information in some sort of scam or scheme."
He suggests people who wear fitness trackers consider taking the following steps to increase the security of their personal information they're uploading to their registered accounts:
1. Give your device a name that is not recognizable, or easily traceable to you. So, for example, don't call your fitness tracker "John Clark's Fitness Tracker." Instead, create a user name for your device which is hard for somebody to track back to you, Cobb said.
2. When creating an online account to store your personal data, use a unique, strong password that is difficult for anyone to guess. Cobb said this is especially important for people who have accounts with multiple services online, and who use the same email and password for each one. People who do this face extra security risks, because if there is a security breach at one company, hackers potentially have access to all of your other accounts, he said.
3. When accepting friends to follow through your fitness tracker, be aware of exactly what information you're sharing and with whom you are sharing it. "The social aspect of fitness trackers is very interesting, and has the potential to improve the value you get from the tracker," Cobb said. "But just like social networking, you want to be very careful who you accept as friends… don't accept people unless you're absolutely sure who they are, and you're clear on what you're sharing."
5. Keep an eye on the news about these devices. This is especially important, as fitness trackers are relatively new, Cobb said. As they increase in popularity, the risk associated with them may change, he said.
In an email to CTVNews.ca, Fitbit said it has always been committed to protecting consumer privacy and keeping data safe.
"Fitbit has committed to never share users' personal information with others unless the user directs us to," the email said.
The company says it uses "privacy by design" principles, to ensure that transparency, consumer choice and security are prioritized in the design of all Fitbit products. It notes that Fitbit users are in full control of when, or if, they share any of their data, and that these sharing settings are set to private as a default.
"It is the user's choice to share their data," the company said.
In addition to using a unique password for every online account, Fitbit also recommends users take steps to keep their computers free from malware. More information on Fitbit security can be found on its website.
In an email to CTVNews.ca, an Apple spokesperson highlighted some of the security features that come with the Apple Watch, including "Activation Lock," which requires the user to enter their iCloud Apple ID and password when activating the device. Doing so can help protect the wearer in the event their Apple Watch is stolen, by securing their personal information, the spokesperson said.
"When your phone is locked with a passcode or Touch ID, all of your health and fitness data in the health app is encrypted," the spokesperson said. "Any health data backed up to iCloud is encrypted both in transit and on our servers."