Fitbit claims that it’s fitness devices can’t be used to infect users with malware.
Fitbit’s health trackers might be vulnerable to hacking, according to a presentation by security researcher Axelle Apvrille of Fortinet. Fortinet is a cyber-security firm and Apvrille published the findings at the annual Hack.Lu conference. You can check out her full presentation here.
According to Apvrille’s research, the hack can be carried out via the Bluetooth radio of the fitness tracker and it can also be used to deliver malicious code to computers with which the tracker is synced. Apvrille also showed how the fitness data logged-in by a user and sensor results produced by the device can be manipulated.
Fitbit has issued a statement on the issue to Forbes and a spokesperson for the company said, “As the market leader in connected health and fitness, Fitbit is focused on protecting consumer privacy and keeping data safe. We believe that security issues reported today are false, and that Fitbit devices can’t be used to infect users with malware. We will continue to monitor this issue. ”
Fortinet revealed that it contacted Fitbit in March with the possibility of misuse. Fitbit’s statement to Forbes also mentions this and notes, “ Fortinet first contacted us in March to report a low-severity issue unrelated to malicious software. Since that time we’ve maintained an open channel of communication with Fortinet. We have not seen any data to indicate that it is currently possible to use a tracker to distribute malware. ”
Meanwhile Apvrille has also reiterated that the hacking is a proof of concept and that to complete the scenario, one will still need to execute the malicious code on the victim’s host. Check out Apvrille’s tweets here.