Image source: Fitbit

Your Fitbit can be hacked, says new report

Fitbit fitness trackers are vulnerable to hackers new research shows.

A joint study published a few days ago by University of Edinburgh researchers and researchers from Germany and Italy, shows that personal information can be stolen from popular Fitbit devices. To prove this point, the team managed to successfully intercept messages from the Fitbit One and Flex bands and access personal information and activity logs.

Essential reading: Choosing the right Fitbit tracker

Fitbit secures its devices with end-to-end encryption. This is important as collected sensor data is sent to the company’s cloud servers for analysis. Messages are scrambled in transit and are only decrypted when they reach the destination. Nevertheless, researchers managed to access and decipher the data while it was on-route, demonstrating that encryption can be circumvented.

“Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology,” said Dr Paul Patras, from the University of Edinburgh’s School of Informatics.

So why should this be of concern to you?

The information is essentially the human body’s “black box”. It could potentially be used by fraudsters to falsify activity records, steal personal data or even blackmail users. It could also be shared with third parties such as marketing firms or online retailers. And we are seeing data from such devices featured in police investigations and even trials.

“They could extract information and say you’re not as active as you say you are,” Dr Petras added.

“Or use the data for other nefarious purposes.”

Then there are health insurance companies. Some of them have have started to offer discounts if the insured persons provide personal data from their fitness trackers. Which presents the possibility of some people hacking into data to falsify activity stats and gain financial benefits.

Fitbit is working on a software to fix the problem and enhance privacy for its customers. An official statement from the company read as follows.

“We are always looking for ways to strengthen the security of our devices, and in the upcoming days will start rolling out updates that improve device security, including ensuring encrypted communications for trackers launched prior to Surge,” said Fitbit.

“The trust of our customers is paramount and we carefully design security measures for new products, continuously monitor for new threats, and diligently respond to identified issues.”

Like this article? Subscribe to our monthly newsletter and never miss out!

Ivan Jovin

Ivan has been a tech journalist for over 7 years now, covering all kinds of technology issues. He is the guy who gets to dive deep into the latest wearable tech news.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.