Hackers can turn Fitbits into spying devices

Hackers can turn Fitbits into spying devices

Smart wearables have many worthwhile and practical uses – they help keep us active, track our health, they keep tabs on our sleeping patterns and they are even being used to solve crimes.

With all the tracking information they store, it’s not surprising that wearable companies do have tons of information and data about their consumers.

But what if this data can be easily stolen and extracted by hackers?

That’s what a security research team from the University of Edinburgh discovered on two models of the popular wearable brand Fitbit.

How Fitbits are vulnerable

The two models involved are the Fitbit One and the Fitbit Flex, both of which record activity data such as steps taken, distance traveled, calories burned and sleep patterns.

The researchers intercepted the personal information while it was being transmitted to the company’s servers for storage and analysis. This information can then be used to doctor activity records or even steal personal data.

Fitbit secures this data with end-to-end encryption but the researchers demonstrated how easily this can be bypassed to let hackers access the information.

This stolen data can then be altered and used with malicious intent such as blackmail or falsified evidence.

The researchers also said that this demonstrates how the security and privacy measures implemented in wearables continue to lag behind the pace of new technology.

Update your Fitbit now

In response, Fitbit has issued security patches for its wearables to protect against the vulnerabilities. The company said it is committed to keeping its customers’ data secure. If you’re an owner of any of these Fitbit wearables, please update as soon as you can.

“We are always looking for ways to strengthen the security of our devices, and in the upcoming days will start rolling out updates that improve device security, including ensuring encrypted communications for trackers launched prior to Surge,” stated Fitbit in an official statement. “The trust of our customers is paramount and we carefully design security measures for new products, continuously monitor for new threats, and diligently respond to identified issues.”

How to update your Fitbit

You can update your Fitbit via the Fitbit app or the Fitbit.com Dashboard on its website.

Fitbit apps for iOS, Android or Windows Phone:

Open the Fitbit app. If an update is available, you’ll see a pink arrow next to wearable’s name. Just follow the onscreen prompts to update. Make sure your Fitbit remains in the vicinity of your phone while the update is being applied.

Fitbit.com Dashboard

Make sure that your Fitbit is within your computer’s vicinity and, if it came with a USB wireless dongle, make sure it’s plugged in.

On the main menu, click Check for device update. Log into your Fitbit account. Fitbit Connect will then sync your tracker and it will check for a firmware update.

If there’s an update available, Fitbit Connect will display a progress bar until the update finishes. Your wearable will also display a progress bar on its screen. You’ll get a confirmation message when the update is completed and your Fitbit will restart.

Please make sure your Fitbit tracker is charged sufficiently before updating. Also, don’t perform an update at midnight while the Fitbit resets. If you do, your step counts will be inaccurate for 24 hours.

More from Komando.com:

Huge Windows 10 flaw lets malware bypass security software!

Serious bug leaves millions of smartphones vulnerable to hacks!

Don’t fall for this incredibly tricky phone scam

Tags: hackers, malware, Microsoft Windows 10, security