HACKERS CAN EASILY bypass the encryption on Fitbit trackers to steal personal details from its owner, according to reports.
The Telegraph has the scoop and reports that a team at the University of Edinburgh found that it is possible to intercept messages from the Fitbit One and Fitbit Flex bands, accessing personal data as it is sent to Fitbit's servers for analysis.
Dr Paul Patras of the University said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology."
The most concerning aspect of this method is that Fitbit's end-to-end encryption - which scrambles information so that it can only be deciphered at its destination - provides no protection against the hack. Both the Fitbit One and Fitbit Flex were modified to bypass encryption and access stored information.
Fitbit says that it has updated its software to fix the security issue.
In a statement, the company said: "We are always looking for ways to strengthen the security of our devices, and in the upcoming days will start rolling out updates that improve device security, including ensuring encrypted communications for trackers launched prior to Surge [summer 2016].
"The trust of our customers is paramount and we carefully design security measures for new products, continuously monitor for new threats, and diligently respond to identified issues."
This is not the first time that Fitbit has been highlighted as a potential hacking target. Researchers from cyber security firm Fortinet exposed a vulnerability in the company's products in 2015 - although Fitbit rubbished the claims at the time.
BMC Software's Paul Cant, VP EMEA, told INQ: "The rise in popularity of wearable devices has made them an obvious target for hackers to capture personal and sensitive information. It is therefore essential that organisations have a durable cyber security strategy in place to ensure they are effectively equipped to deal with the ever-growing and evolving digital threats.
"In order to mitigate the security risks of vulnerabilities - like those that have been discovered in Fitbit devices - SecOps teams need to quickly identify the flaws, prioritise them against other threats and fix them, thus safeguarding customer and personal data from any future cyber insurgency." µ
Razring the stakes
The pop-up camera is being binned
But Google buries privacy weakness
But it might never see the light of a PC bay