The popularity of wearable devices is growing exponentially, with consumers using these for a variety of services. Fitness devices are currently offering new services such as shopping or buying train tickets using contactless payment. In addition, fitness devices are collecting a number of personal information such as body temperature, pulse rate, food habits and body weight, steps-distance travelled, calories burned and sleep stage. Although these devices can offer convenience to consumers, more and more reports are warning of the cybersecurity risks of such devices, and the possibilities for such devices to be hacked and used as springboards to other systems. Due to their wireless transmissions, these devices can potentially be vulnerable to a malicious attack allowing the data collected to be exposed. The vulnerabilities of these devices stem from lack of authentication, disadvantages of Bluetooth connections, location tracking as well as third party vulnerabilities. Guidelines do exist for securing such devices, but most of such guidance is directed towards device manufacturers or IoT providers, while consumers are often unaware of potential risks. The aim of this paper is to provide cybersecurity guidelines for users in order to take measures to avoid risks when using fitness devices.

中文翻译：

---

使用健身器材的网络安全指南

随着消费者将可穿戴设备用于各种服务，可穿戴设备的普及正成倍增长。健身设备目前正在提供新服务，例如使用非接触式付款购物或购买火车票。此外，健身设备正在收集许多个人信息，例如体温，脉搏率，饮食习惯和体重，行进距离，消耗的卡路里和睡眠阶段。尽管这些设备可以为消费者提供便利，但是越来越多的报告警告此类设备的网络安全风险，以及此类设备被黑客入侵并用作其他系统跳板的可能性。由于它们的无线传输，这些设备可能容易受到恶意攻击，从而使所收集的数据暴露出来。这些设备的漏洞源于缺乏身份验证，蓝牙连接的缺点，位置跟踪以及第三方漏洞。确实存在用于保护此类设备的准则，但是大多数此类准则是针对设备制造商或IoT提供商的，而消费者通常并不知道潜在的风险。本文的目的是为用户提供网络安全指南，以便采取措施避免使用健身器材时的风险。