Every Step You Fake – poor security and hackability

Nostradamus-esque 1980s warbler Sting clearly foretold the activity tracking revolution of recent years with the “Every step you take” line in his song “Every Breath You Take” and of course Suunto clearly snatched his ideas of making MOVES from the same song. But there still seems to be a gap in the market for breath analysis, although Firstbeat are pretty good at looking at EPOC – sort of related.

Anyway, enough low-level hilarity and back to the boring stuff; in fact back to the low-level cheating implicit in this post’s title.

I suppose if you want to cut the corner of a parkrun that’s up to you. I suppose if you can somehow hack into your fitness tracker to add on 1,000 more steps to beat your mates then that’s ‘Mostly Harmless’. However, if you hack into your fitness tracker and manipulate the results and monitoring of your corporate wellbeing tracker then that’s another matter entirely. I would imagine, but don’t know, that some corporate wellbeing initiatives are financially linked to employee activity.

And when there’s money involved people tend to care a LITTLE bit more…

Which leads us to the Every Step You Fake Report and its excerpts below (Source: OpenEffect.ca/University of Toronto – thank you Tobias for your eagle-eyed investigative reporting).

Tracker Security Findings

You can draw your own conclusions about integrity and security and, no doubt, you will have your own opinion on whether or not it matters.

Xiaomi, Withings, Garmin and Jawbone appear not to take this too seriously. Not seriously, that is, until yesterday’s announcement from Garmin about its unbreached security that will soon be improved – although the aforesaid report seems to think existing Garmin security can be breached because, presumably, the report’s authors managed to breach it. So has the unbreached security been breached or not, as it clearly is breachable? I’m confused. Hopefully you are too.

Warnings

Does it matter?

Well, it doesn’t matter to me particularly. But as we saw in this post, steps can obviously be changed to levels of incredulity (or there is a bug).

To keep to the theme:

I’ll be watching you.

3 thoughts on “Every Step You Fake – poor security and hackability”

  1. Much faster than DCRainmaker with the news, great!… There have been cases in front of US courts where Fitbit activity records have been used as evidence; in such circumstances it might not only be about money but probably your freedom if someone is able to manipulate personal data in such a way (to be fair, the report says Fitbit is not the worst one but probably the one who was busy yesterday in reassuring the audience about their unbreachable security as the 5k runner politely wrote…)

  2. Free Starbucks and Cinema tickets for activity with Vitality Health care for any amount of recorded activity.
    £500 off a bike from Evans and discounts from British Airways, etc, all with links to actual amounts of activity, more activity gets you more discount.
    I wonder when the first person will be fired for fraudulent activity logging…
