Current Filter: Security>>>>>Feature>

   

People who engage in self-tracking do so for various reasons. Given the amount of personal data being generated, transmitted and stored at various locations, privacy and security are important considerations for users of these devices and applications. However, there are risks to all of this. Symantec, for example, has found security risks in a large number of self-tracking devices and applications.

One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking, it claims.

"Our researchers built a number of scanning devices using Raspberry Pi minicomputers and, by taking them out to athletic events and busy public spaces, found that tracking of individuals was possible," says Orla Cox, security operations manager, Symantec Security Response. "We also found vulnerabilities in how personal data is stored and managed, such as passwords being transmitted in clear text and poor session management."

Many people who engage in self-tracking do it with gadgets such as electronic wristbands, smart watches, pendants, and even smart clothing. These gadgets typically contain a number of sensors, a processor, memory, and a communication interface. These gadgets enable the user to effortlessly collect, store, and transmit the data to another computer for processing and analysis.

"Despite the growing use of specifically designed gadgets, smartphones are perhaps the most common way for people to perform self-tracking," she explains. "A modern smartphone is packed with a wide range of different sensors that can be used by many different self-tracking applications. Many people already carry smartphones with them, and the proliferation of free self-tracking apps makes it easier than ever for users to get into self-tracking."

MISPLACED TRUST?
To start self-tracking, users simply choose from a wide range of apps in the various app markets, install one of them, sign up for an account and start tracking. At the end of every session, the user can review and sync the collected data to a cloud-based server for storage. "When we hand over our personal and quantified self data to these service providers, are we misplacing our trust in them?" Cox asks. "How do we know that they are taking the steps necessary to protect our information and our privacy? To help get a handle on this, we've looked at what's currently going on in the world of self-tracking."

Symantec has examined what vendors are doing to protect users of their services by taking a closer look at some of the most popular quantified self devices and apps on the market. Here are some of its findings:

LOCATION TRACKING
There are many wearable sports activity-tracking devices currently available on the market. These devices generally contain sensors to detect motion, but most are not designed for location tracking. Data collected by these devices generally has to be synced to another device or computer, so that it can be viewed. For convenience, many manufacturers use Bluetooth Low Energy to allow the device to wirelessly sync data to a smartphone or computer.

"However, this convenience comes with a price," Cox cautions. "The device may be giving away information that can allow it to be tracked from one location to another. To test how these devices could be tracked, we built some portable Bluetooth scanning devices using Raspberry Pi minicomputers and off-the-shelf components, which included a Bluetooth 4.0 adaptor, a battery pack and an SD card. All these components could be bought from a typical main street retailer. These were combined with open source software and some custom scripting. Each device cost no more than US$75 and could easily be put together by anybody with basic IT skills.

Page   1  2  3