Researchers at the annual 2014 DEFCON conference revealed just how easy it is for hackers to attain the personal information of users wearing health tracking devices, capable of recording much more than fitness activity.
Using an exploit, Aries Security researchers were able to extract personal health data, usernames, passwords and other information from the hundreds of DEFCON attendees within distance of the team’s hardware.
Markus stated the group of researchers found various vulnerabilities in multiple devices from different brands, with one brand in particular revealing considerable security flaws. Researchers have been attempting to contact the company to disclose the vulnerabilities.
“I don’t know how many makes and models they have, or which makes and models are affected, but we saw several hundred users exposed since we started looking,” said Brian Markus, Aries Security chief executive.
Users at risk of unintentionally leaking their own personal data went beyond the attendees at the DEFCON conference, as Markus reported they were able to access information from other tourists and casino clientele around the Vegas strip.
The growing popularity of these health gadgets clearly comes with increased security risks for potentially millions of users, with studies stating about one in six U.S. consumers currently use wearable tech.
“It’s contradictory because hospitals have to protect themselves and their customers from having their information exposed, but meanwhile, people are walking around with devices strapped to them… beaming out all their personal information,” said Markus. “They’re exposing themselves unknowingly.”
Categories: Top Security Stories