Fitbit released a new update for its fitness trackers, Charge HR and Surge. (Photo : Twitter)
Research by network security company Fortinet revealed that a Fitbit fitness tracker can be hacked quickly due to a vulnerability linked to Bluetooth ports, and then is spread to other computers to which the gadget is connected. After the two devices are linked, the hacker can send the malicious software in 10 seconds.
Hack attacks over Bluetooth must be done within a short distance. After the Fitbit has been infected with the bug, the malicious attack happens regardless of how near the hacker is.
This was the first time malware was successfully delivered to a fitness tracker. After Fortinet researcher Axelle Apvrille warned Fitbit in March about the security vulnerability the company said that it was a bug, according to The Register.
Apvrille will share her proof-of-concept demo video at tomorrow's Hack Lu conference. It will be in Luxembourg.
The malware researcher revealed that after resetting the link with the fitness tracker most of the infected bytes still existed. That is enough space to send a short malware code.
Apvrille has also done other Fitbit hacks. She has changed the number of counted steps and boosted the distance to earn badges, which can be traded for prizes and discounts.
Fitbit told Engadget that the security problems reported by Fortinet were false, and that the device cannot infect other fitness tracker users. Apvrille replied in a Twitter post that its researchers had not technically made any malicious code, according to Engadget.
This was not Fitbit's first security debacle. In 2013 researchers used fake login info to access all Fitbit accounts as a result of simple authentication checks.
