Users of wearable technology can have their information tracked with just $70 worth of hardware, according to a new study.
Research carried out by security firm Symantec used a simple set-up combining a Raspberry Pi computer and a Bluetooth radio module, to scan for signals. The technology was taken to parks and sporting events where it was able to record data being broadcast from gadgets close by.
At no point did the device try to connect to any wearables, but Symantec said the data could be collected because wearables are simple devices that communicate with a smartphone or laptop to pass on information.
Taking their device to public places in Switzerland and Ireland, researchers Mario Barcena, Candid Wueest and Hon Lau found that wearable gadgets were particularly susceptible.
"All the devices we encountered can be easily tracked using the unique hardware address they transmit," the team wrote in a blogpost.
Some of the devices were also vulnerable to being probed remotely to reveal serial numbers or other identifying information. The researchers revealed it would be "trivial" for individuals with computer knowledge to access this data.
The Symantec team said that the ease with which user data could be accessed was a major concern.
"The lack of basic security at this level is a serious omission and raises serious questions about how these services handle information stored on their servers," the report added.
Some apps also did little to secure data when traveling from the user to central servers. It was even possible to manipulate information to gain data about other users and cause databases to execute commands sent by external agents.
"These are serious security lapses that could lead to a major breach of the user database," the team said.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.