Is your gym exposing more than your abs?

Stay in good cyber shape by protecting personal data during your workout

When Apple announced a serious hardware flaw last week, and the critical security patch that addressed it, my first thought was perhaps arbitrary: “That exploit would work at the gym.” My next thought: What else would?

Adam Levin, chairman and co-founder of Credit.com and CyberScout (formerly IDT911)

The discovery of a zero-day exploit affecting hardware—specifically a Wi-Fi chip embedded in the main processors of Apple devices—was serious news. The vulnerability makes it possible for a hacker within range to “execute arbitrary code on the Wi-Fi chip.” A similar vulnerability was announced and patched on the Android platform earlier in the month.

The gym often is seen as a safe space to burn off steam, clear your head and boost your heart rate, but it also can be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

Here are a few things to make your next trip to the gym as scam-proof as possible.

How is your personal data stored?

Your gym can require and request a ton of personal information: your Social Security number, driver’s license number, credit and banking information, your home address and, in some cases, your medical or health information. In the hands of the wrong person, this information can lead to identity theft and a major breach of privacy.

Your job is to reduce your attackable surface and watch out for scams.

The first question you should ask is how your information is stored, and who has access to it. Don’t accept a vague answer unless it is the correct answer. “I’m not sure,” might indicate an ill-informed point of contact at the front desk or, worse, a total lack of data security. Don’t be surprised if everyone who punches the clock at your gym has access to your information.

Because of this, it’s important to think about what kind of information your gym has and why they need it. Try to limit what information they get, even if it is “required.” While the gym needs to identify you, they don’t need much data to do that. It’s your job to give them the bare minimum they need.

Juice jacking

Be wary of charging your devices at the gym. Simply plugging your phone into the wall can make you vulnerable to juice jacking, a cyber attack where a charging port does double duty as a data connection that either steals user data or downloads malware to steal it at a later time.

Though it seems unlikely, if your gym’s owner isn’t up to date with scams, the gym may unwittingly allow a hacker to install a data-stealing kiosk for members to use.

Always pay attention to phone pop-ups. Both Apple and Android now have stopgaps to avoid juice jacking exploits, but the warning screen can be distractedly tapped away and ignored, thus opening the door to an intruder.

If you want to reduce the risks while charging your devices at the gym, look into USB cords that lack data-transfer wires. You also can make juice jacking impossible by using the AC adapter your device came with or a backup battery device.

Public Wi-Fi

Here’s another way your devices can leave you vulnerable to attack. Signing on to your gym’s public Wi-Fi can be risky—such is the case whenever you log on to a public Wi-Fi network. Another thing to remember: Hackers may not always ask for the gym owner’s permission to set up the Wi-Fi network that’s labeled with the gym’s name.

In addition to the fake Wi-Fi setup, there’s the threat of a man-in-the-middle attack. This attack can secretly alter the communication between two parties and even lead to eavesdropping by an unknown third party.

If you are going to log on to the Wi-Fi at your gym, always look for HTTPS in the address and the green lock near the URL of the sites you visit, and think long and hard before visiting destinations like banks, credit cards and the like that require or provide access to sensitive information.

Remember, if you ever have any suspicion your information has been compromised, always contact your credit card providers ASAP. It’s also helpful to check your credit for any sudden changes (you can get a free credit report snapshot at Credit.com). While knowing the latest threats out there and using security updates the moment they are issued is great and absolutely necessary, it’s important to bear in mind that there is no anti-fraud silver bullet. Gyms are neither better nor worse than anywhere else when it comes to data security practices, but they are definitely places where you can be harmed.

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

 
