Software, Data Hacking and Fitness Bands2015-Sep-30



So everybody, well almost everybody, is wearing a fitness tracker of some variety. Almost everybody, because I haven’t jumped on that bandwagon yet, but that’s another story. With the ability to develop applications specifically for these devices and for these apps to be available across devices, there is an increasing amount of interest in this topic. This short article outlines some basic capabilities, what you should consider and some posed safety risks which you should know about to prevent your data from being ‘hacked’.

Part 1: Software Development

Back in May 2015 Microsoft released a SDK (software development kit) for those who want to create apps for the Microsoft Band fitness tracker. With this SDK developers are able to create applications that can access information from the fitness bands sensors and also allow applications to send notifications from a paired smartphone to the fitness band. This allows developers to create applications that support Windows, access all calorie data recorded and stored in the fitness band and connect to the band from tasks running in the background. The functionality exposed by this SDK includes access to all the fitness bands sensors such as a heart rate monitor, accelerometer and gyroscope. Versions of the SDK are available for each mobile operating system. This in tandem with Microsoft Health (a cloud-based fitness service that offers personalised health related information using data gathered from fitness bands) allows the potential for competition against Apple and Google and there offering.
Ignoring the individual software vendors and fitness bands themselves the scope is simply immense! Not only are existing fitness apps so much more useful, because let’s face it who wants to input all their calories intake or exercise details into an app when it can be done automatically, but the opportunity to provide focused and extremely relevant informed services to the consumer has never been better. As more and more devices become connected and can share your health related information, the more useful they can become. I will admit I was pretty envious when hearing about the WIFI weight scale that shared information with the fitness band and all that information was shared with an app on the users phone to provide amazing data and reporting. With the ability to develop and deliver apps that can access some of these devices, the potential is exciting.

 

Part 2: Your health data

All the data that is recorded by the sensors on your fitness band is available when pairing to the device through the Bluetooth LE protocol, which doesn’t require a password to pair two devices. By using the standard Android SDK you can easily scan for any Bluetooth LE fitness band in the vicinity and attempt to connect to it. In fact the only thing that stops anyone from just connecting to these bands and accessing all the data is if there’s already a phone connected to the device! However, it is also possible to disrupt the connection between a paired phone and a band, giving the software the opportunity to connect instead. So what is the downside of having your band hacked? Not much at this stage, they are still in their relative infancy and only record calorie and exercise related information, but this is also changing and you wouldn’t want your GPS recorded location history available? That could quite easily allow someone to know where you worked, lived, etc.
No doubt the band manufacturers will address this, but until then it’s possible.



George Toursoulopoulos is a technology specialist and CEO of Synetec, one of the UK’s leading providers of bespoke software solutions.