The fitness industry is already struggling because of the global coronavirus pandemic, and constant cyberattacks are now adding to its challenges. At the same time, the industry's growing reliance on technology is becoming a double-edged sword, leaving several gaps for users to fall into. A single vulnerable server or piece of software is enough for cybercriminals to compromise an entire organization.
- A researcher from Immersive Labs created a malicious watch face, using app-building APIs, that could steal personal sensitive data stored in Fitbit devices.
- Lax Fitbit privacy controls let the researcher push this app to the Fitbit Gallery – Fitbit's app store, which showcases all of its in-house and third-party apps – so the malicious watch face bypassed detection.
- Simply downloading and installing the application was enough to infect the end user's device (Android or iPhone) and steal data.
Challenges for the industry
Recently disclosed incidents
- Last month, Town Sports International exposed its customer data through an unprotected server holding almost a terabyte of spreadsheets. The server required no password to access it.
- In August, Fizikal, a gym application management platform, exposed the information of thousands of users. Researchers were able to bypass security checks and successfully enumerated users.
What to do?
The sports and fitness industry is becoming a soft target for cybercriminals because it has no clear security guidelines for protecting against cyberattacks. According to experts, organizations must understand the importance of protecting sensitive information and must have a proper response plan so they can recover quickly from such attacks.