Syncing an infected Fitbit could be a security risk, says analyst, but Fitbit’s not worried

fitbit saves life
A researcher for security company Fortinet has revealed the Fitbit fitness tracker may be used as a vessel to infect your computer with malware, due to vulnerabilities in the way it uses Bluetooth. However, before wearers get too paranoid, the demonstration is only proof that it could happen, rather than something that is happening, and Fitbit has said it hasn’t seen any conclusive data that its wearable could be used this way.

Updated on 10-23-2015 by Andy Boxall: Added in a statement from Fitbit, highlighting the hack was a “theoretical scenario.”

Fitbit issues statement on hack

Following the publication of the story, Fitbit got in touch with Digital Trends and provided the following statement. Here’s the official line on the situation:

“On Wednesday October 21, 2015, reports began circulating in the media based on claims from security vendor, Fortinet, that Fitbit devices could be used to distribute malware. These reports are false. In fact, the Fortinet researcher, Axelle Apvrille who originally made these claims has confirmed to Fitbit that this was only a theoretical scenario and is not possible. Fitbit trackers cannot be used to infect user’s devices with malware. We want to reassure our users that it remains safe to use their Fitbit devices and no action is required.

As background, Fortinet first contacted us in March to report a low-severity issue unrelated to malicious software. Since that time we’ve maintained an open channel of communication with Fortinet. We have not seen any data to indicate that it is possible to use a tracker to distribute malware.

We have a history of working closely with the security research community and always welcome their thoughts and feedback. The trust of our customers is paramount. We carefully design security measures for new products, monitor for new threats, and rapidly respond to identified issues.”

Proof of concept hack demonstrated

What prompted Fitbit to start reassuring its customers? It began when Fortinet analyst, Axelle Apvrille, showed evidence that a hacker within a few meters of a Fitbit device could exploit open Bluetooth ports to place an infected packet on to it, which would transfer to a computer upon syncing later.

It was suggested this could be used to install a trojan or backdoor, and lead to serious problems. The file hidden in the Fitbit would remain even if the device was restarted, and could be sent to it in just 10-seconds, so it could happen when you’re passing someone in the street. There’s a video of the exploit in action here, if you’re interested in the technical side.

However, while the exploit sounds concerning, it’s not something that’s in the hands of criminals, and still requires executing on the host device — something that can’t be done automatically. Apvrille also said she alerted Fitbit to the problem back in March, but says the vulnerabilities are still there today, because the company considers it a low-level bug that will be fixed in the future.

Emerging Tech

How emotion-tracking A.I. will change computing as we know it

Affectiva is just one of the startups working to create emotion-tracking A.I. that can work out how you're feeling. Here's why this could change the face of computing as we know it.
Deals

Stay fit and save cash with our top 10 affordable Fitbit alternatives

As much as we love Fitbits, they're rather expensive. If all you want is a simple activity tracker, however, then check out these great cheap Fitbit alternatives. With offerings from brands like Garmin, you don't need to pay full price.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Halfbikes, VR for all your senses, and more

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it's fun to gawk!
Mobile

A Google patent hints at a new attempt at an augmented reality headset

Google may be working on another augmented reality headset. The company was awarded a patent for an augmented reality headset. Unfortunately, the patent isn't specific as to what the headset will look like.
Home Theater

Here are some common AirPods problems, and how to fix them

Apple’s AirPods are among the best fully wireless earbuds we’ve seen, but they’re not perfect. If you’re having trouble, take a look at our guide to the most common problems and what you can do to fix them.
Outdoors

When it's not keeping you dry, Gore wants to keep Silicon Valley innovating

The Gore Innovation Center in Santa Clara, California is designed to help tech start ups to create innovate new products that integrated Gore-Tex fabrics and other materials in wearables, health devices, and more.
Wearables

The North Focals smartglasses help you rock out with new Spotify support

The North Focals are a pair of smartglasses with a whole lot to offer. They not only look pretty good, but they allow you to get directions, check upcoming items on your calendar, and more. Here's everything you need to know.
Wearables

Army uses modified Microsoft HoloLens 2 for ‘real-life game of Call of Duty’

The U.S. Army gave CNBC an exclusive look at its modified Microsoft HoloLens 2 augmented reality headset. The Integrated Visual Augmentation System, or IVAS, provides various functions for training and combat.
Wearables

Now is the time to pick up and wear a discounted TicWatch smartwatch

Mobvoi is running a promotion on two of its desirable smartwatches, the TicWatch C2 and the TicWatch Pro, where you can get 20-percent off the usual price. This brings our favorite, the C2, down to just $160.
Wearables

Samsung Galaxy Watch Active vs. Samsung Galaxy Watch: Is more expensive better?

Samsung has finally launched its latest smartwatch, the Samsung Galaxy Watch Active. The device is aimed at sporty people and is clearly well-designed. But is the new device better than Samsung's flagship watch?
Wearables

The ultimate golf watch isn’t a smartwatch. It’s Hublot’s Big Bang Unico Golf

Forget golf smartwatches, the Hublot Big Bang Unico Golf is the ultimate timepiece to wear out on the links. It's the world's first mechanical golf watch, and will keep score for you throughout the game.
Deals

Smartwatch deal: The Apple Watch Series 3 just dropped to $199

Now’s a perfect time to grab the last-gen (but still awesome) Apple Watch Series 3. It's a great wearable for those looking to hop into the world of smartwatches, and this limited-time deal makes the Series 3 even more attractive.
Deals

Apple Watch Series 3, Fitbit Charge 2 see price cuts from Walmart and B&H

Save around $50 on the Fitbit Charge 2 from Amazon and more than $100 on the Apple Watch Series 3 at B&H Photo Video and Walmart. These may be slightly older models, but they're still excellent fitness trackers and smartwatches.