Your Fitbit fitness tracker can be HACKED wirelessly in just 10 SECONDS
A proof-of-concept hack has highlighted privacy concerns

FITBIT fitness tracking wearables can be hacked via Bluetooth in under 10 SECONDS, new research has revealed.
 
Fitbit fitness trackers can be hacked in the blink of an eye, a staggering new proof-of-concept hack has highlighted.
The US fitness tracking firm, best known for its wearables and activity trackers, sold 11 million devices alone last year.
The hack was demonstrated by security researcher Axelle Apvrille at an event dedicated to privacy in Luxembourg earlier this week.
 

Your Fitbit fitness tracker can be HACKED wirelessly in just 10 SECONDS
The hack can be carried out in under 10 seconds

Apvrille introduced the hack, offering: ”While reverse engineering, we noticed trackers now use end-to-end encryption for their communications with Fitbit servers.
"Is this good? Or bad? 
“What happens if Fitbit servers are unreachable? What can we possibly do with the wristband besides activity tracking?
"I'll present two alternative geeky uses for your beloved fitness tracker."
 
In order to successfully carry out the hack, the hacker needs to be close to the device - around 10ft away. But physical access is not required.
Apvrille demonstrated how a Bluetooth connection makes it possible to send computer code to the device.
This unauthorised piece of code could then be used for the hackers own nefarious activities.
 
Your Fitbit fitness tracker can be HACKED wirelessly in just 10 SECONDS
The hack uses Bluetooth to send rogue code to the band
This might include accessing mobile phones or computers synced to the fitness device.
However Fitbit has said that it is not possible for a hacker to go a step further and infect the device with malware.
April has posted a video of her exploit on YouTube - you can watch it below.
 
A spokesperson for Fitbit told NewsNewsBlog.blogspot.com: "On Wednesday October 21, 2015, reports began circulating in the media based on claims from security vendor, Fortinet, that Fitbit devices could be used to distribute malware. 
"These reports are false.
"In fact, the Fortinet researcher, Axelle Apvrille who originally made these claims has confirmed to Fitbit that this was only a theoretical scenario and is not possible. 
"Fitbit trackers cannot be used to infect user’s devices with malware. We want to reassure our users that it remains safe to use their Fitbit devices and no action is required. 
"As background, Fortinet first contacted us in March to report a low-severity issue unrelated to malicious software. 
"Since that time we’ve maintained an open channel of communication with Fortinet. We have not seen any data to indicate that it is possible to use a tracker to distribute malware. 
"We have a history of working closely with the security research community and always welcome their thoughts and feedback. The trust of our customers is paramount. 
"We carefully design security measures for new products, monitor for new threats, and rapidly respond to identified issues.
"We encourage individuals to report any security concerns with Fitbit's products or online services to security@fitbit.com. 
"More information about reporting security issues can be found online at https://www.fitbit.com/security."

Post a Comment Blogger Disqus

 
Top