Hackers have started using fitness apps to work out new ways to steal health records, and seem to be warming up in their race to compromise this kind of healthcare technology.
When GDPR comes into effect this year, the companies making the apps will become legally liable for such break-ins. Had the bad actors waited three more months to infiltrate the MyFitnessPal app, the app’s maker would have faced enormous obligations under the new regulations.
Assessing the damage of the hack
MyFitnessPal and associated Under Armour apps provide the company with the largest database in the world of athlete behavior. ZDNet reported that Under Armour runs a connected fitness platform that includes UA Record, MapMyFitness, Endomondo, and MyFitnessPal. The company integrated the applications on Amazon Web Services. The firm collects data from millions of athletes on workouts, nutrition and sleep patterns.
The February 2018 breach of MyFitnessPal saw the theft of 150 million customer records. The pilfered data included user names, email addresses, and hashed passwords. Under Armour disclosed the crime four days after discovering it.
While the MyFitnessPal passwords may have been hashed, hashing is not the same as encryption: attackers run cracking tools that guess candidate passwords offline and compare the results against the stolen hashes, recovering any password that is weak or common. Users of every stripe also tend to reuse the same password across many, and sometimes all, of their applications. The break-in could therefore let black hats infiltrate other accounts held by MyFitnessPal customers, and the likelihood is high that customers used the same password for other apps in the Under Armour universe.
GDPR Means Business
The EU interprets the relationship between consumers of online products and product makers as a binding legal agreement. Companies incorporated in EU countries will be responsible for the protection of personal data they collect and maintain.
The EU will heavily penalize organizations that do not honour binding privacy agreements with consumers. Violators face a financial penalty of 20 million euros or four percent of their global revenues, whichever is greater.
Secure fitness apps
Most app makers focus their development energies on making their products easy to use and sexy to look at. Security of the app itself, and of the data at the core of the technology, tends to be an afterthought in the world of the Internet of Things (IoT). Criminals have the opposite priorities: they are constantly searching out, probing, and pushing at the security vulnerabilities of apps.
Application Shielding and runtime application self-protection (RASP) are among the most reliable defences against hackers intent on exposing sensitive data, and they require only a few minutes for the app provider to implement. Once secured, the fitness apps are immediately ready for distribution via public app stores.
The radical change in the EU’s regulatory environment demands a change in the behaviour of companies that act as custodians of customer data. As fitness devices and their accompanying apps become more commonplace, companies that want Europeans as customers will have to adopt technologies that protect data where the data resides. Application Shielding and RASP provide just such a defence.