Syncing an infected Fitbit could be a security risk, says analyst, but Fitbit’s not worried

fitbit saves life
A researcher for security company Fortinet has revealed the Fitbit fitness tracker may be used as a vessel to infect your computer with malware, due to vulnerabilities in the way it uses Bluetooth. However, before wearers get too paranoid, the demonstration is only proof that it could happen, rather than something that is happening, and Fitbit has said it hasn’t seen any conclusive data that its wearable could be used this way.

Updated on 10-23-2015 by Andy Boxall: Added in a statement from Fitbit, highlighting the hack was a “theoretical scenario.”

Fitbit issues statement on hack

Following the publication of the story, Fitbit got in touch with Digital Trends and provided the following statement. Here’s the official line on the situation:

“On Wednesday October 21, 2015, reports began circulating in the media based on claims from security vendor, Fortinet, that Fitbit devices could be used to distribute malware. These reports are false. In fact, the Fortinet researcher, Axelle Apvrille who originally made these claims has confirmed to Fitbit that this was only a theoretical scenario and is not possible. Fitbit trackers cannot be used to infect user’s devices with malware. We want to reassure our users that it remains safe to use their Fitbit devices and no action is required.

As background, Fortinet first contacted us in March to report a low-severity issue unrelated to malicious software. Since that time we’ve maintained an open channel of communication with Fortinet. We have not seen any data to indicate that it is possible to use a tracker to distribute malware.

We have a history of working closely with the security research community and always welcome their thoughts and feedback. The trust of our customers is paramount. We carefully design security measures for new products, monitor for new threats, and rapidly respond to identified issues.”

Proof of concept hack demonstrated

What prompted Fitbit to start reassuring its customers? It began when Fortinet analyst, Axelle Apvrille, showed evidence that a hacker within a few meters of a Fitbit device could exploit open Bluetooth ports to place an infected packet on to it, which would transfer to a computer upon syncing later.

It was suggested this could be used to install a trojan or backdoor, and lead to serious problems. The file hidden in the Fitbit would remain even if the device was restarted, and could be sent to it in just 10-seconds, so it could happen when you’re passing someone in the street. There’s a video of the exploit in action here, if you’re interested in the technical side.

However, while the exploit sounds concerning, it’s not something that’s in the hands of criminals, and still requires executing on the host device — something that can’t be done automatically. Apvrille also said she alerted Fitbit to the problem back in March, but says the vulnerabilities are still there today, because the company considers it a low-level bug that will be fixed in the future.

Gaming

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.
Buying Guides

Solid-state drives are speedier than hard disk drives. Are they worth it?

As the price of solid-state drives comes down, it's reached a point where it's hard to recommend a system without at least a hybrid solution. In the battle of SSD vs. HDD, a clear winner has emerged.
Emerging Tech

Stronger than steel, thinner than paper, graphene could be the future of tech

Since its discovery, graphene has set the research world on fire. What exactly is it, though, and what could it mean for the future of tech? Here's everything you need to know about what could be the next supermaterial to take center stage.
Wearables

Everything you need to know about Garmin’s GPS watches and trackers

Garmin jumped into the GPS smartwatch and fitness tracker market five years ago and has built a portfolio of devices that rivals competitor Fitbit. Here's your guide to the latest and greatest fitness devices that Garmin has to offer.
Mobile

The world’s first smartglasses showrooms open in Brooklyn and Toronto

Canadian startup North is hoping smartglasses will be the next big wearable. After announcing its new Focals smartglasses in October, the company opened product showrooms in Brooklyn and Toronto.
Deals

Here are the best Apple Watch and Fitbit Versa deals for Black Friday

Apple products are the most sought-after products for Black Friday, the leaked preview ads show what discounts retailers will have for the Apple Watch Series 3 and other smartwatches, such as the Fitbit Versa, this holiday season.
Product Review

With style and feature upgrades, Misfit's next-generation Vapor 2 gets it right

Misfit’s next-generation smartwatch, the Vapor 2, packs built-in GPS, a heart-rate sensor, and more, into a beautiful design that starts from $250. We take a closer look at the company's latest device.
Music

Music to our ears: Spotify at long last arrives on the Apple Watch

Spotify subscribers are now able to jam out to their favorite tunes on their favorite workout accessory, as the Swedish streaming service has finally released its official Apple Watch app.
Wearables

Check out 25 of the best Wear OS apps for your smartwatch

Looking for some ways to spruce up that new Android smartwatch of yours? Here are the best Wear OS apps to download and use with any Android smartwatch, including a few specially enhanced for Wear OS 2.0.
Health & Fitness

Withings new Pulse HR is a customizable, connected fitness tracker

Inspired by Withings first ever fitness tracker the Pulse, the new Pulse HR is updated with the latest in fitness tracker technology including smart notifications, 24/7 heart rate tracking, and more.
Emerging Tech

Believe it or not, this fire-proof exoskeleton isn’t designed for space marines

A company called Levitate Technologies has developed a fire-resistant upper body exoskeleton that’s capable of lowering exertion levels by up to 80 percent when you carry out manual work.
Mobile

The Motiv smart ring is coming to 20 more countries and physical stores

Remember Motiv's activity tracking smart ring? It's back with a raft of new features that adds biometric identification and token authentication, all on a device that fits on your finger.
Wearables

Google's Wear OS update 'H' promises battery life improvements

Google has rebranded its Android Wear operating system to Wear OS. Removing the Android name may help people better understand Google-powered smartwatches, which also play nice with iOS devices. 
Product Review

This featherweight Fossil might be the lean smartwatch you've been waiting for

Fossil has released its first-ever smartwatch featuring Qualcomm’s Snapdragon Wear 3100. For $255, it comes equipped with a heart-rate sensor, built-in GPS, and more, but does the Fossil Sport live up to the hype? We take a closer look.