Fitness trackers that transmit to the cloud could pose a risk to personal security, researchers have warned.

The devices record information such as numbers of steps taken, heart rate and calories burned.

But communication weak spots could mean the data ends up being shared with unwanted third parties, including online retailers and marketing agencies, it is claimed.

Loading article content

Fraudsters could also manipulate the devices to create false health records and obtain cheaper premiums from insurers who reward physical activity.

Scientists at the University of Edinburgh carried out an in-depth security analysis of two popular wearable fitness trackers made by Fitbit.

They found it was possible to intercept messages transmitted between the trackers and cloud servers, where the data is sent for analysis.

The researchers also showed how to get round the trackers' end-to-end encryption, which is supposed to keep the information secure.

After being told of the results, Fitbit responded by developing software patches to improve security.

Dr Paul Patras, from the University of Edinburgh's School of Informatics, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development.

"We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."

The findings will be presented at the International Symposium on Research in Attacks (Raid) in Atlanta, Georgia, next week.