Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Garmin "transmits basic fitness data without encryption"

Former Member
Former Member over 9 years ago
Just reading the CBC article (http://www.cbc.ca/news/technology/fitness-trackers-monitoring-users-1.3428817) about Garmin transmitting our data unencrypted ("The Citizen Lab researchers conclude the Garmin app, called Connect, sends heart rate, workout and movement data across the internet without encryption.").
I chose Garmin as I thought that, given they'd been in this business for a long while, they'd have security buttoned up.

Really worrying.

The article also talks about people being able to hack your data. Maybe this explains why I've had some days where I've apparently walked over 30,000 steps while spending the whole day at home without exercising.

It appears Garmin declined to comment. That's almost more worrying than the lack of focus on data security as it implies they've nothing to counter it with.
  • Former Member
    0 Former Member over 9 years ago
    no encryption?!?!?!!!!!

    I just read the same article and came here to post but found this thread started already.

    This is quite concerning.

    In today's landscape of security issues & breaches encrypting any personal data sent over the net is a must! We had better get some information on how they plan to fix this issue, and quickly, otherwise I'm switching to one of the competitor's products that does encrypt my data.
  • Former Member
    0 Former Member over 9 years ago
    And is also the most lax in the study



    This table from the article says it all. I hope Garmin addresses this soon or I'm going to splurge on an Apple Watch!
  • Former Member
    0 Former Member over 9 years ago
    encryption is "coming soon"

    This got posted today: http://garmin.blogs.com/my_weblog/2016/02/statement-on-garmin-connect-mobile-security.html

    Looks like they're listening! Going to keep an eye out for this update and see if it's what they promised.... here's hoping!
  • Former Member
    0 Former Member over 9 years ago
    Garmin should be listening - Garmin came off looking bad in the report. The report claims Garmin data can be read and modified by a third party using a man in the middle attack. I have a Vivosmart HR and an Edge 810. I've turned off bluetooth on both of them until the next update and, hopefully, more information from Garmin.

    The report: https://openeffect.ca/reports/Every_Step_You_Fake.pdf
  • 0 over 9 years ago
    Agreed - Garmin really need to focus on issues like this - it took them forever to fix the strange glitches in Connect where sometimes you could log in and go into completely the wrong account
  • Former Member
    0 Former Member over 9 years ago
    App uodate

    Did you notice that in the latest update (I got mine today) it says "SSL data encryption enabled throughout application".
    Better late than never (assuming this is, at least in part, what we're asking for)

    Now I just need to find out what the heck "SSL" means!
  • 0 over 9 years ago
    Now I just need to find out what the heck "SSL" means!

    SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.


    In this case, GCM is acting as the browser
  • 0 over 3 years ago

    What about encryption if your watch gets stolen and someone connects it to a computer via USB?