Difference between revisions of "Fitbit"

From SI410
Jump to: navigation, search
(Ethical Issue)
Line 35: Line 35:
  
 
===Unauthorized Tracking===
 
===Unauthorized Tracking===
 +
 +
===Device Security Risk===
 +
 +
According to a study, Security Analysis of Wearable Fitness Devices(Fitbit), done by MIT researchers Britt Cyr, Webb Horn, Daniela Miao, and Michael Specter, Fitbit provides a reasonable level of privacy for user data. However, the study also shows that the Fitbit devices were assigned a private address and this address does not change. This can potentially lead to unauthorized tracking through the person’s Fitbit’s bluetooth. This can also lead to attackers extracting the authentication key between the Fitbit device and smartphone or computer application which can result in launching a replay attack over bluetooth. During the process of pairing the fitbit device to the user’s phone, the phone can detect all fitbit devices within a certain range. This can raise some security concerns for finding or pairing wireless devices that do not belong to the user. The researchers also found that Fitbit device sends over Javascript to the phone, this may leave room for the attackers. Although the general security setup of the Fitbit devices is decent, there are some possible rooms that may yield unknown attacks. <ref>https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082016/17-cyrbritt-webbhorn-specter-dmiao-hacking-fitbit.pdf</ref>
  
 
==References==
 
==References==

Revision as of 10:19, 4 February 2022

Back • ↑Topics • ↑Categories

Fitbit is an American company focused on digital health and fitness and was founded in 2007 by Eric Friedman and James Park. The company focuses on using sensor and wireless technology to better advance the experience to fitness and health. [1] The Fitbit company is most known for its smartwatch and tracker products. The products are usually worn on the wrist or are clipped to clothing and other accessories to help keep track of steps, workout sessions, heart rate, and quality of sleep. [2] The Fitbit company was acquired by Google in 2021. [3]

Fitbit Logo


History

Features

Heart-rate monitor

Fitbit uses photoplethysmography in their technology to track heart rate. The new technology is named PurePulse. By monitoring the heart rate, it can help the user to achieve their weight goals, optimize their exercise routine and help to manage the stress levels. Photoplethysmography is a technology that uses light to measure blood flow. The volume of the blood in the users’ wrist will change when the heart beats. The blood can absorb green light. The higher one’s blood volume is, the more green light is absorbed. Photoplethysmography utilized this feature of the blood to calculate the blood flow by shining green light onto the skin. Then it uses light detectors to measure how much green light has been absorbed, it can then determine the heartbeat rate. [4]

Calories Burned

Fitbit devices combine the users’ BMR and activity data to estimate the amount of calories burned. This estimation can also be influenced by the heart rate data. The heart rate data have a heavy impact on estimation of calories burned during exercise sessions. The BMR data, which is also known as basal metabolic rate, is based on the physical data that the user entered such as height, weight, sex and age of the user. The data helps to estimate at least half the calories the user burns in a day since the body automatically burns calories even with daily activities. [5]

Sleep monitoring

Fitbit devices can help estimate the users’ sleep stages by using a combination of movement and heart-rate patterns. The device will assume the user is asleep if it hasn't been active for about an hour. Additionally, it can further confirm that the user is asleep by matching the length of time of movement to typical sleep behavior such as rolling over. While the user is asleep, the device tracks the changes in the user’s heart rate. This is known as heart rate variability. The heart rate will change as the user is going through different stages of light sleep, deep sleep and REM sleep stages. The Fitbit device will collect those data and compare them to the heart rate and movement pattern in the next morning to estimate a more accurate sleep cycle from the previous night.[6]

Products

Ethical Issue

Data Security

Unauthorized Tracking

Device Security Risk

According to a study, Security Analysis of Wearable Fitness Devices(Fitbit), done by MIT researchers Britt Cyr, Webb Horn, Daniela Miao, and Michael Specter, Fitbit provides a reasonable level of privacy for user data. However, the study also shows that the Fitbit devices were assigned a private address and this address does not change. This can potentially lead to unauthorized tracking through the person’s Fitbit’s bluetooth. This can also lead to attackers extracting the authentication key between the Fitbit device and smartphone or computer application which can result in launching a replay attack over bluetooth. During the process of pairing the fitbit device to the user’s phone, the phone can detect all fitbit devices within a certain range. This can raise some security concerns for finding or pairing wireless devices that do not belong to the user. The researchers also found that Fitbit device sends over Javascript to the phone, this may leave room for the attackers. Although the general security setup of the Fitbit devices is decent, there are some possible rooms that may yield unknown attacks. [7]

References

  1. https://www.fitbit.com/global/us/about-us
  2. https://www.fastcompany.com/company/fitbit
  3. https://www.fiercehealthcare.com/tech/google-closes-2-1b-acquisition-fitbit-as-justice-department-probe-continues
  4. https://healthsolutions.fitbit.com/blog/how-do-fitbit-trackers-monitor-heart-rate/
  5. https://help.fitbit.com/articles/en_US/Help_article/1141.htm
  6. https://healthsolutions.fitbit.com/blog/track-sleep/
  7. https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082016/17-cyrbritt-webbhorn-specter-dmiao-hacking-fitbit.pdf