A Cybersecurity Guide for Using Fitness Devices

Abstract: The popularity of wearable devices is growing exponentially, with consumers using these for a variety of services. Fitness devices are currently offering new services such as shopping or buying train tickets using contactless payment. In addition, fitness devices are collecting a number of personal information such as body temperature, pulse rate, food habits and body weight, steps-distance travelled, calories burned and sleep stage. Although these devices can offer convenience to consumers, more and more reports are warning of the cybersecurity risks of such devices, and the possibilities for such devices to be hacked and used as springboards to other systems. Due to their wireless transmissions, these devices can potentially be vulnerable to a malicious attack allowing the data collected to be exposed. The vulnerabilities of these devices stem from lack of authentication, disadvantages of Bluetooth connections, location tracking as well as third party vulnerabilities. Guidelines do exist for securing such devices, but most of such guidance is directed towards device manufacturers or IoT providers, while consumers are often unaware of potential risks. The aim of this paper is to provide cybersecurity guidelines for users in order to take measures to avoid risks when using fitness devices.