How to guard against compromised fitness apps

Connected fitness bands, watches and other wearables, along with their smartphone fitness apps, are booming for both business and consumer markets but they also present vulnerabilities, according to application security company, Ixia.

Gartner predicts that two million employees will be required to wear health and fitness tracking devices by 2018^[1].

However, research by IBM and the Ponemon Institute found that the average company tests less than half of the mobile apps they build, while a third never test their apps^[2].

Stephen Urquhart, general manager ANZ at Ixia, said these vulnerabilities and the expanded attack surface increases the opportunity for hackers to gain unauthorised network access, and get hold of sensitive personal or corporate information that can be used for commercial gain or other criminal purposes.

“There is no need for connected fitness devices to present as much of a security risk as they currently do. With advanced application and security testing solutions now available, fitness apps and devices can be tested thoroughly before going to market,” said Urquhart.

He said if businesses want to incorporate wearables technology into their IT infrastructure there are solutions available for increased protection.

“Organisations can also take matters into their own hands by using available testing solutions to make sure that incorporated hardware or software is not only secure, but also integrates with core business systems in a way that minimises potential vulnerabilities,” said Urquhart.

“Additionally, sources such as The Open Web Security Project (OWASP) can alert manufacturers and end users alike to the top known vulnerabilities, so they can be prepared and implement appropriate safety measures.”

At a recent IT security conference in the US, an on-site survey conducted by Centrify revealed a surprising percentage of IT professionals are lax with their own security when it comes to wearable technology.

Around 69% of wearable device owners surveyed said they forego login credentials, such as PINs, passwords, fingerprint scanners and voice recognition to access their devices — even though 42% of them claimed identity theft as their top security concern when it comes to their devices.

Over half of the respondents also used their wearables to access business apps and business documents.

For further information on testing and security solutions, go to www.ixiacom.com.

References
[1] Forecast: Wearable Electronic Devices for Fitness, Worldwide; Gartner; 2014.
[2] The State of Mobile Application Insecurity; IBM/The Ponemon Institute; 2015.

Image courtesy of Chun Yip So under CC-BY-2.0.