According to a new study, hackers could potentially compromise fitness devices made by Fitbit.
Experts from the University of Edinburgh, as well as researchers from Germany and Italy, collaborated on a study that was released just a few days ago. The study demonstrates that personal information can be taken from popular Fitbit devices. In order to provide evidence supporting this claim, the team was able to successfully access personal information as well as activity records and intercept messages sent from Fitbit One and Flex bands.
End-to-end encryption is utilized to ensure the safety of all Fitbit devices. This is significant because the analyzed data from the collected sensors is delivered to the cloud servers maintained by the corporation. Messages are encrypted before being sent and are not deciphered until they have arrived at their final destination. Despite this, the researchers were able to gain access to the data and decipher it while it was in transit, proving that encryption can be broken.
“Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology,” said Dr. Paul Patras from the University of Edinburgh’s School of Informatics. “Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology.””
The question then is: why should you care about this?
The information is essentially the “black box” of the human body. It is possible that dishonest people could use it to forge activity records, steal personal information, or even blackmail users with this information. It could also be distributed to third parties, such as advertising agencies or online merchants, for example. In addition, there have been instances where the information obtained from such devices has been used in legal proceedings.
According to Dr. Petras, “They may extract information and claim you’re not as active as you think you are.”
“Or make use of the information for some other nefarious objective.””
Then there are the companies that provide health insurance. Some of them have begun to offer discounts to insured people who are willing to disclose personal data gleaned from fitness trackers they are using on themselves. This means that it is possible for some individuals to hack into data in order to fabricate activity numbers and reap financial benefits from doing so.
Fixing the issue and improving its users’ ability to maintain their privacy is a top priority for Fitbit as it develops the software. The following is what an official statement issued by the corporation said.
According to Fitbit, “We are always looking for ways to strengthen the security of our devices, and in the coming days will begin rolling out updates that improve device security.” These updates will include the provision of encrypted communications for trackers that were introduced prior to the Surge update.
“The trust of our consumers is of the utmost importance, and we carefully create security measures for new goods. Additionally, we regularly monitor for new threats and respond diligently to any problems that are discovered.