Syncing an infected Fitbit could be a security risk, says analyst, but Fitbit’s not worried

fitbit saves life
A researcher for security company Fortinet has revealed the Fitbit fitness tracker may be used as a vessel to infect your computer with malware, due to vulnerabilities in the way it uses Bluetooth. However, before wearers get too paranoid, the demonstration is only proof that it could happen, rather than something that is happening, and Fitbit has said it hasn’t seen any conclusive data that its wearable could be used this way.

Updated on 10-23-2015 by Andy Boxall: Added in a statement from Fitbit, highlighting the hack was a “theoretical scenario.”

Fitbit issues statement on hack

Following the publication of the story, Fitbit got in touch with Digital Trends and provided the following statement. Here’s the official line on the situation:

“On Wednesday October 21, 2015, reports began circulating in the media based on claims from security vendor, Fortinet, that Fitbit devices could be used to distribute malware. These reports are false. In fact, the Fortinet researcher, Axelle Apvrille who originally made these claims has confirmed to Fitbit that this was only a theoretical scenario and is not possible. Fitbit trackers cannot be used to infect user’s devices with malware. We want to reassure our users that it remains safe to use their Fitbit devices and no action is required.

As background, Fortinet first contacted us in March to report a low-severity issue unrelated to malicious software. Since that time we’ve maintained an open channel of communication with Fortinet. We have not seen any data to indicate that it is possible to use a tracker to distribute malware.

We have a history of working closely with the security research community and always welcome their thoughts and feedback. The trust of our customers is paramount. We carefully design security measures for new products, monitor for new threats, and rapidly respond to identified issues.”

Proof of concept hack demonstrated

What prompted Fitbit to start reassuring its customers? It began when Fortinet analyst, Axelle Apvrille, showed evidence that a hacker within a few meters of a Fitbit device could exploit open Bluetooth ports to place an infected packet on to it, which would transfer to a computer upon syncing later.

It was suggested this could be used to install a trojan or backdoor, and lead to serious problems. The file hidden in the Fitbit would remain even if the device was restarted, and could be sent to it in just 10-seconds, so it could happen when you’re passing someone in the street. There’s a video of the exploit in action here, if you’re interested in the technical side.

However, while the exploit sounds concerning, it’s not something that’s in the hands of criminals, and still requires executing on the host device — something that can’t be done automatically. Apvrille also said she alerted Fitbit to the problem back in March, but says the vulnerabilities are still there today, because the company considers it a low-level bug that will be fixed in the future.

Product Review

Samsung's $99 fitness tracker takes on Fitbit. Can it keep pace?

Samsung’s going toe-to-toe against Fitbit’s Inspire HR with its own $99 fitness tracker -- the Galaxy Fit. It also has a heart rate monitor, can automatically detect six workouts, and has a battery that can last for days.
Deals

Stay fit and save cash with our top 10 affordable Fitbit alternatives

As much as we love Fitbits, they're rather expensive. If all you want is a simple activity tracker, however, then check out these great cheap Fitbit alternatives. With offerings from brands like Garmin, you don't need to pay full price.
Computing

Russian hackers behind ‘world’s most murderous malware’ probing U.S. power grid

A hacking group linked to the Russian government has attempted to breach the U.S. power grid. Security experts tracked the hackers, and warn that they were probing the grid for weaknesses.
Deals

Fitbit Versa and Samsung Gear fitness smartwatches get big Amazon price cuts

Some of the best options can get pretty pricey, but with smartwatch discounts on the Fitbit Versa and Samsung Gear Sport, they are really quite affordable right now. You can save up to $125 on a new fitness watch.
Home Theater

The best Apple AirPod accessories can extend your high-end earbuds' life span

It might seem a bit strange to buy an accessory for an accessory, but sometimes you need a little something extra, like a case, cover, or transmitter, to get the most out of your Apple AirPods.
Deals

The GoPro Hero7 action camera gets price cut on Amazon ahead of Father’s Day

Got an adventurous Dad? If so, a GoPro action camera will make a great Father’s Day gifts. Ahead of Father’s Day, capture the GoPro Hero7 Black on Amazon for just $329, down from its normal $400. Don't just settle for socks again this…
Wearables

Exclusive: This is Mobvoi’s next Wear OS smartwatch, and it likely adds 4G LTE

Mobvoi may not be a household name in the U.S., but it sells affordable smartwatches running Google's Wear OS platform. The company's next watch has leaked -- by Mobvoi itself -- and Digital Trends managed to snap a screenshot.
Deals

The Apple Watch Series 4 is still at its lowest price for Father’s Day

Sales are continuing on select Apple Watch at both Amazon and Walmart through Father's Day, including a deal on the 38mm Series 3 GPS that is one of the lowest prices we've seen yet, and the new and slightly larger 40mm Series 4.
Emerging Tech

This lifesaving wearable could diagnose strokes more accurately

A new breakthrough wearable device uses two light measurement techniques to track the body's blood circulation — and accurately predict deadly strokes in the process. Here's how it works.
Deals

Make some time for the best smartwatch deals for June 2019

Smartwatches make life easier by sending alerts right on your wrist. Many also provide fitness-tracking features. If you're ready to take the plunge into wearables and want to save money, here are the best smartwatch deals for June 2019.
Wearables

Samsung's $99 Galaxy Fit fitness tracker is now available in the U.S.

Looking for a new fitness buddy? Samsung just launched the Galaxy Watch Active and the Galaxy Fit, two new wearables with a raft of fitness-focused features that'll keep you moving and get you down to the gym.
Home Theater

Diagnose and fix some common Apple AirPods problems with our handy guide

Apple’s AirPods are among the best fully wireless earbuds we’ve seen, but they’re not perfect. If you’re having trouble, take a look at our guide to the most common problems and what you can do to fix them.
Outdoors

The best smart helmets are full of cool tech, and totally worth the messy hair

Helmets might be a haircut's worst nightmare, but they're constantly evolving, and have undergone a 21st-century makeover. No matter your sport, here are the best smart helmets currently on the market.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Plant-based shoes and a ukulele learning aid

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!