SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
20 Sep 2017

Fitbit devices can be hacked

Popular Fitbit devices are vulnerable to hackers, according to a new study that reveals how personal information can be stolen from the fitness bands.

Computer researchers at the University of Edinburgh intercepted messages from the Fitbit One and Fitbit Flex wristbands, which calculate activity including steps, distance travelled, calories burned and sleep duration.

The team accessed personal information from the devices as it was sent to the company's cloud servers for analysis. The researchers said the problem could be used to falsify activity records or steal personal data. Fitbit secures its devices with end-to-end encryption, which means messages are scrambled in transit and are only deciphered once they reach their destination. But the University of Edinburgh study showed the security measures can be circumvented. The researchers modified the Flex and One to let them bypass encryption and access information stored on the devices.

"Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology," said Dr Paul Patras, from the University of Edinburgh's School of Informatics. Dr Patras added that hackers could use the method to steal health data and possibly blackmail users. "They could extract information and say you're not as active as you say you are," he said. "Or use the data for other nefarious purposes."

Fitbit has updated its software to fix the security problems and enhance privacy for its customers. "We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services," said Dr Patras.

Fitbit said it has used end-to-end encryption since 2016 and is committed to keeping its customers' information secure. "We are always looking for ways to strengthen the security of our devices, and in the upcoming days will start rolling out updates that improve device security, including ensuring encrypted communications for trackers launched prior to Surge," said Fitbit. "The trust of our customers is paramount and we carefully design security measures for new products, continuously monitor for new threats, and diligently respond to identified issues."

Previous research has shown how Fitbit devices can be hacked. Security firm Fortinet showed in 2015 how malicious software could be downloaded onto Fitbit trackers without the user noticing. Fitbit denied the possibility.


Download SafeUM — communicate privately, without advertising and spam.

Tags:
Fitbit information leaks
Source:
The Telegraph
1657
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015