Wearables, apps disclose user passwords and location: Symantec

Smart phones, mobile apps and wearable technology devices such as wristbands that monitor biometric signs are privacy and security risks to their users according to a recent report from Symantec Corp.

The software and security company recently sent out its researchers armed with a $35 Raspberry Pi microcomputer tricked out with a Bluetooth scanner to various athletic events and busy public spaces in Ireland and Switzerland and found that it was incredibly easy to track individuals by homing in on the signals of their mobile devices – many device manufacturers use Bluetooth Low Energy to enable the devices to wirelessly sync data to a smart phone or computer.

In story Bluetooth scanner, mobile device, security wearbles Symantec

Apart from finding out that all of the wearable activity tracking devices examined are vulnerable to tracking, Symantec reported that one in five (20 per cent) mobile applications transmitted passwords in plain text.

IN story - wearable tech, security, privacy Symantec

“From the results of this research, it appears that manufacturers of these devices (including market leaders) have not seriously considered or addressed the privacy implications of wearing their products,” according to an official blog by Symantec. “As a result, the device and by association the wearer can easily be tracked by anybody with some skills and a few cheap tools.”

Symantec also stressed the privacy implication of potential unauthorized access to data collected by the devices.

in story - smart phone sensors security privacy Symantec

Devices such as sports activity-tracking wearable devices or smart phones with activity tracking apps generally contain sensors to detect motion and location. Many of the apps and services also have a cloud server-based component which requires users to upload and store data collected from their apps for safekeeping and analysis.

Aside from just storing data on activities, Symantec said, some services also collect personal information such as: date of birth, relationship status, addresses, photos and other personal statistics.

in story - wearables tracking sensors privacy security Symantec

Users are given a password to prevent unauthorized access to the data.

However, Symantec found that an “unacceptably large proportion of these apps and services” do not handle sensitive user data such as user names, email address) and passwords, securely. Many of the apps transmit user-generated data, including login credentials, through the Internet without the benefit of encryption.

“This means data could be easily intercepted and read by an attacker,” Symantec said. “The transmission of credentials in clear text is especially troubling given that large numbers of people have a propensity to reuse login credentials at multiple sites.”

To find out how to mitigate the security and privacy risks, click here.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Nestor Arellano
Nestor Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Related Tech News

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.