Can Fitbits be hacked?

Fitbit: "Our fitness trackers can't be hacked"

Fitbit has contradicted allegations that its fitness trackers can be hacked by the lightest means. This is a purely theoretical model. In practice, it should be impossible to infect the trackers with malware.

More and more amateur athletes monitor their daily training with the help of fitness trackers. Hardly any other company has benefited as much from this trend as Fitbit, since the Americans are the global market leader in the manufacture of fitness wearables. Now, however, according to a report by The Register, dark clouds could gather over Fitbit. If you believe the security experts at Frontinet, then the company's trackers are said to have a serious security problem.

Unsafe Bluetooth interface should allow hacks

Allegedly, it is possible to hack Fitbit's fitness trackers with the simplest of means and to record harmful malware on them. According to Frontinet, the reason for this is an insecure Bluetooth interface. Any attacker who is within the Bluetooth range of a Fitbit tracker can use a smartphone to install malware on it - even if the devices have not been paired. Overall, the hack should not take longer than ten seconds.

On the tracker itself, the malware shouldn't be a big problem at all. According to Frontinet, however, it becomes critical as soon as an infected tracker is connected to the computer. Then the malware should be able to lodge itself on the computer unnoticed and unhindered. Virtually every computer is said to be susceptible to such attacks. According to Frontinet employee Axelle Apvrille, Fitbit was made aware of the vulnerability as early as March 2015. So far, however, the security breach has not been resolved.

Fitbit rejects the allegations

The manufacturer Fitbit has now responded to the allegations and rejected them. Accordingly, Frontinet actually got in touch with Fitbit in March to report a security problem. However, it was not about infections of fitness trackers with malware. So far, Fitbit has received no evidence that it is possible to misuse a fitness tracker as a carrier of malware. The company also announced that it is working closely with the community and security firms to quickly identify and fix any issues.

Update, 10/26/2015, 12:49 p.m .: Fitbit responded to the allegations with an official statement on Monday. According to the manufacturer, hacking a Fitbit tracker is a purely theoretical scenario, but it is not possible in practice. Axelle Apvrille from Fortinet would have admitted this to Fitbit in the meantime. The statement literally states:

"Axelle Apvrille, researcher at Frontinet who originally made the claims, has now confirmed to Fitbit that this is a purely theoretical scenario and is not possible. Fitbit trackers cannot be used to target our users' devices with malware We assure our users that their Fitbit devices will continue to be safe to use and that no action is required. "