
Syncing an infected Fitbit could be a security risk, says analyst, but Fitbit’s not worried

A researcher for security company Fortinet has revealed the Fitbit fitness tracker may be used as a vessel to infect your computer with malware, due to vulnerabilities in the way it uses Bluetooth. However, before wearers get too paranoid, the demonstration is only proof that it could happen, rather than something that is happening, and Fitbit has said it hasn’t seen any conclusive data that its wearable could be used this way.

Updated on 10-23-2015 by Andy Boxall: Added in a statement from Fitbit, highlighting the hack was a “theoretical scenario.”


Fitbit issues statement on hack

Following the publication of the story, Fitbit got in touch with Digital Trends and provided the following statement. Here’s the official line on the situation:

“On Wednesday October 21, 2015, reports began circulating in the media based on claims from security vendor, Fortinet, that Fitbit devices could be used to distribute malware. These reports are false. In fact, the Fortinet researcher, Axelle Apvrille, who originally made these claims, has confirmed to Fitbit that this was only a theoretical scenario and is not possible. Fitbit trackers cannot be used to infect users’ devices with malware. We want to reassure our users that it remains safe to use their Fitbit devices and no action is required.

As background, Fortinet first contacted us in March to report a low-severity issue unrelated to malicious software. Since that time we’ve maintained an open channel of communication with Fortinet. We have not seen any data to indicate that it is possible to use a tracker to distribute malware.

We have a history of working closely with the security research community and always welcome their thoughts and feedback. The trust of our customers is paramount. We carefully design security measures for new products, monitor for new threats, and rapidly respond to identified issues.”

Proof of concept hack demonstrated

What prompted Fitbit to start reassuring its customers? It began when Fortinet analyst Axelle Apvrille showed evidence that a hacker within a few meters of a Fitbit device could exploit open Bluetooth ports to place an infected packet onto it, which would then transfer to a computer when the device was later synced.

It was suggested this could be used to install a trojan or backdoor, and lead to serious problems. The file hidden in the Fitbit would remain even if the device was restarted, and could be sent to it in just 10 seconds, so it could happen when you’re passing someone in the street. There’s a video of the exploit in action here, if you’re interested in the technical side.

However, while the exploit sounds concerning, it’s not something that’s in the hands of criminals, and still requires executing on the host device — something that can’t be done automatically. Apvrille also said she alerted Fitbit to the problem back in March, but says the vulnerabilities are still there today, because the company considers it a low-level bug that will be fixed in the future.

Andy Boxall
Senior Mobile Writer