Fitbit denies security vulnerability, says there's no malware threat with wristband

Fitbit is denying that its product presents an opportunity for hackers to grab data or plant malicious malware that can then infect a PC or other connected device, a potential vulnerability scenario presented at a recent security conference, according to The Register.

Fortinet researcher Axell Aprville showed a proof of concept of how a hacker could potentially use the tracker to spread malware and manipulate device data at the Hack.Lu conference in Luxembourg last week. She made the vulnerability known to Fitbit last March, but Fitbit views it more a bug than a malware threat.

"Fitbit trackers cannot be used to infect users' devices with malware," the company says in a statement on its website. "We want to reassure our users that it remains safe to use their Fitbit devices and no action is required."

Aprville says the proof of concept involves the Fitbit device tapping Bluetooth to let hackers deliver malware in less than 10 seconds. "An attacker sends an infected packet to a fitness tracker nearby at bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near," Apvrille told Vulture South, according to The Register.

Fitbit says that it's had a long history of working with the security research community, stating that it "carefully designs security measures for new products, monitors for new threats, and rapidly responds to identified issues."

A report published last month by Raytheon | Websense Security Labs, notes that compared to the average industry, healthcare entities are plagued by 340 percent more incidents. Advanced malware attacks, for example, are 400 percent more likely to impact the industry. Phishing schemes are 74 percent more likely to hit healthcare, according to the report.

For more information:
- read The Register report
- read Fitbit's response