Security of Smartwatches with Health and Fitness Tracking

Laura BednarCybersecurityLeave a Comment

Apple Watch and Fitbit Security

The Apple Watch and Fitbit wearables have taken the place of the traditional Rolex. People are now checking their wrist to read emails, text messages, and in some cases answer calls. Apple has been granted patents for its watches that include the integration of biometric sensors in the wristband.

Advances in the Name of Health and Privacy

One of Apple’s patents from the United States Patent and Trademark Office for their Smart is for biometric sensors integrated into the bands of Smartwatches. These sensors would allow a user to unlock their Watch or paired iPhone without entering a passcode or using Face ID. The embedded thermal sensor would use skin texture and wrist hair patterns to authenticate a user.

The second patent is for indicators in the watchband that would display details from an iPhone’s “Activity” app like the step counter and heart rate monitor. The illumination system would provide icons and indicators along the band that change to inform users of their health. Apple stated that having these smaller lights and icons would protect health-related information from being displayed on the watch screen itself for others to view.

The final patent allows for an Apple Watch to self-tighten around your wrist to ensure it doesn’t move during a workout or other activity. This action may also give users an automatic heart rate reading.

Fitbit Versus Apple

Fitbit watches have also tried to do their fair share of health monitoring by partnering with Cardiogram. This screening tool allows users to detect signs of diabetes, hypertension, and sleep apnea among others. If a user is detected as at risk for a health condition, they are given diagnostic testing and guided to condition management programs.

The newest version of the watch, Versa 2, offers similar features to other Fitbit watches with the “Relax” app for breathing exercises when you are stressed, movement reminders, and step counting. The newest feature is sleep tracking, which utilizes heart rate monitors to see how well you are resting.

Apple watches provide much the same health tracking coverage as FitBits including heart monitoring. An additional feature can sense when the noise level is such that it may affect your hearing. They are currently looking into adding sleep tracking based on watch motion, heart rate, and noise detection.

Storing the Data

FitBits’ website states that they use a combination of technical, administrative, and physical controls to maintain the security of your data including Transport Layer Security to encrypt many of our services. They promise that data is only shared:

  • When you agree or direct the company to share
  • For external processing
  • For legal reasons or to prevent harm

Apple claims that their biometric data never leaves the security chip on the device and therefore does not go to the iCloud or Apple servers. Fitbit watches use Bluetooth Low Energy technology to sync with phones, tablets, and some computers. Fitbit scales use Wi-Fi to connect directly to your router. Online articles mention that FitBit servers store information for synching purposes.

Security of the Smart Watch

The idea behind most biometric identifiers is convenience for the user. With the possibility of an Apple Watch that simply unlocks after reading skin patterns, the need for button pressing becomes obsolete. The problem with biometric technology is that they rely on the fingerprints and other DNA of humans, who are by nature flawed. We leave this information on surfaces and other areas as we go through daily life. This means the systems that use our identifiers must have security.

Apple claims their data never leaves their product chips, but if this were to change, it could become a cause for concern. Our Director of Forensics at SecureData, Allan Buxton explained that security is defined by making use of at least two of the following access controls:

  • Something you know
  • Something you have
  • Something you are

Biometrics, of course, is something we are. Buxton said, “I’m not sure how skin or hair patterns will hold up over time, as bodies age and the hairs are abraded by the watch, but the bigger concern will be the same one current biometrics face.”

Our SecureForensics services take the highest security precautions when examining media for evidence of cybercrime. The company is SSAE 18 Type II Certified, HIPAA Compliant and uses our line of SecureDrive®️ hardware encrypted data storage devices for transferring information to customers. For more information on our security practices, forensic services, or data storage products, call 1-800-388-1266.