Call it the athlete’s (stolen) identity crisis.
Modern day fitness aficionados are rarely seen with device-free wrists. But while we lock up our valuables pre-workout, we often do the opposite with our activity trackers: We showcase personal data (including our location and health stats) to just about anyone who wants to find it.
Take a recent German study of 17 popular brands, including Jawbone, Garmin, and Polar: Researchers attempted to access and alter fitness data as it was transferred between a device and the cloud. In every case, they were able to falsify information.
Why would anyone want to do this? “Health data is gold mine,” says Ahmad-Reza Sadeghi, Ph.D., who led the study. Your health stats or geolocation position can easily be accessed (and potentially abused) by different parties, including insurance companies, employers, and governments, he says.
A few examples: It’s been reported that employers have used data services to track the location or pregnancy status of staffers. And an estimated two-thirds of insurance companies already use wearable data to engage with customers. Some predict they’ll soon be using it to raise or lower premiums, a practice already happening in the U.K.
If a company, unbeknownst to you, had access such crucial information, they could potentially charge you more money, falsify data, or discriminate.
Tracking devices are akin to a human black box. So it’s time we start keeping our most valuable information close. Lock up your data with three easy steps.
(1) Go Private
“I would suggest users be careful before using the built-in ‘share’ options most products have,” says Michael Haephrati, an information security specialist and CEO of Secured Globe, Inc. In addition to poking holes in your privacy (i.e. giving away your location to a hacker, which could put you in danger; or revealing a full workout you logged, which could be altered by someone who obtains the data), these options are prone to human error. You may end up simply sharing more than you intended.
Simple going into ‘private mode’ may allow you to hide your location while still tracking steps. It may make the experience a little less fun (no more maps showing all the places you walked today), but it mitigates the chance someone sees where you were or manipulates data without you knowing it.
(2) Download with Caution
Odds are your phone is full of fitness apps, none of which you’ve truly vetted for safety. Fortunately, many phones alert you before you download a questionable app. For example, iPhones give you a pop-up to let you know an app comes from an “untrusted developer”—a sign you should rethink the download. Other phones like those from Nexus require that you manually turn on a verification setting in order to receive warnings.
But even with security measures or trusted apps, malware attacksstill happen.
Your best bet is to download software accessories only via your phone carrier’s resources, like Google Play or iTunes. Furthermore, install some basic security software. Programs like 360 Security or AVG are free, well-tested, and offer great features (like speed and storage optimization).
(3) Skip Public WiFi
Many wearables use cloud-based storage in order to make your fitness data easily accessible to you wherever you are. But while it’s convenient to check your step count while waiting in line at Starbucks, public Wifi is designed to be open and easily available. And even when there is a password, you don’t have to be a seasoned hacker to break in. The internet is rife with guides on using open networks to steal passwords and execute similar attacks to the ones Sadeghi completed in his study.
The fix: Most fitness trackers offer the option between automatic and manual syncing with your phone or the cloud. Switch to manual, then only sync your data when you’re on a network you can trust—like your home or office WiFi.