Solved What is the security risk of getting a IOT bathroom scale?

GreggIllinois

Thread Starter
Joined
Jan 5, 2014
Messages
372
This is the scale: https://www.amazon.com/RENPHO-Bluetooth-Bathroom-Composition-Smartphone/dp/B01N1UX8RW/
This is their app: https://play.google.com/store/apps/details?id=com.qingniu.renpho&hl=en_US
This is their privacy page: https://renpho.com/pages/privacy-policy

This scale will help me with a specific health issue. (The scale utilizes Bio-electrical Impedance Analysis(BIA) to calculate 13 key body composition metrics.)

More than anything I am concerned about my PC somehow getting hacked through this scale. I have a pretty tech-knowledgeable (but also very pessimistic) friend who thinks all IOT devices are a huge security risk (but he won't tell me what he thinks that risk is). I have done some research, and it seemed to me most of the risk would be the scale getting used in a botnet DDoS attack.

I researched the company (Renpho) and they seem to support their app and product very well. The permissions for the app seem ridiculously broad but all the permissions for IOT bathroom scales seem similarly broad.

It seems using the scale without creating an account would be the safest way to go. But giving some personal information (eg. height, weight etc) would really be beneficial for the app to give me more extensive information as to my health (eg. my body fat is too high for my height).

So what are the risks of:

#1) Using the scale without creating an account
#2) Using the scale and creating an account

Thank you.
 

Oddba11

Jim
Joined
May 12, 2011
Messages
8,151
This is not an "IoT" issue. That applies to devices connected to your home network (either by ethernet or typically wifi).

This scale connects to your phone via Bluetooth. Any security concerns would be related to how their app shares your information (the same as with any other app that you have installed on your phone).
 

TechGuy

Mike
Administrator
Joined
Feb 12, 1999
Messages
14,642
Jim is right -- this is not IoT as it doesn't connect directly to the Internet. I use a smart scale myself and love seeing the graph over time -- even though it's been going in the wrong directly lately. The risk is that whatever information you give the company (like name and email address) as well as information it detects (like weight) is kept on their servers and, like anything stored in the cloud, could one day be hacked or sold to someone else. That doesn't bother me with a scale. I'm more concerned with devices like cameras that could potentially have more sensitive data (video) that could be hacked. I think you'll like the scale. :)
 

GreggIllinois

Thread Starter
Joined
Jan 5, 2014
Messages
372
Thanks very much, Jim and Mike.

#1) So my PC cannot get hacked? (I know this is a redundant question but my PC has been hacked before.)
#2) Can my phone get hacked?

And I can live with a data breach. So I set up an account, give my weight, height etc, but all I'm on vulnerable to is having somebody having my email address, right? But I don't want somebody giving my phone or PC a virus. And then if they get into the phone, they could maybe hack the email accounts there?

I'm attaching the permissions for the Renpho scale. (I liked Renpho's app because they answered all the bad reviews and seemed really committed to keeping things current.) But the permissions seem way overboard. Things like:

*read phone status
*get precise GPS location
*read USB storage
*access camera

I've attached the actual permissions and a review (not neccesarily of Renphro but of a smart scale) of someone as wary as I am.

Thanks.
 

Attachments

Oddba11

Jim
Joined
May 12, 2011
Messages
8,151
1) Any PC can be hacked. But there is little incentive for anyone to spend the time to hack a persons computer. You are more likely to get a virus or malware that could damage your data or steal your data.

2) Phones can be hacked as well. But again, not likely. And the biggest issue with phone apps isn't related to their specific purpose. As noted, who cares about someone getting your email address and your weight? The issue is that many apps request (can often be denied which may or may not impact how the app functions) access to other data on your phone (ie: address book, gps, photo gallery, etc.). In which case, there is a potential, that if they are not legit, they then have access to a LOT more information than just your email and weight. This applies to ALL of the apps on your phone. This is why there are news reports, seems like once a year, where Google store removed 1000 apps because they were malicious.

This isn't a huge cause for concern. But just educate yourself a bit and be aware.
 
Last edited by a moderator:

Oddba11

Jim
Joined
May 12, 2011
Messages
8,151
Sorry, typo: This isn't a huge cause for concern.

And I cant edit for some reason.
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top