Can Your Fitbit Be Hacked in Less Than 10 Seconds? Here's What We Know Right Now

Impact
ByChris Riotta

Gizmodo reported on Wednesday hackers found a way to tap into Fitbit — the latest wearable tech gear making waves in the fitness industry — and upload malware content to the gadget's software in as little as 10 seconds. Reports of the potential cyber threat began circulating the Web, with outlets reporting headlines including "Hackers Can Access Your PC With This 10-Second Fitbit Hack" and "Fitbit 10-Second Hack Can Turn Device Into Malware Carrier." 

However, the Silicon Valley startup shot back at those reports, claiming the company hasn't seen any evidence indicating a possible cybersecurity threat to its customers.

"We believe that security issues reported today are false, and that Fitbit devices can't be used to infect users with malware," Fitbit wrote in a statement on the matter that Gizmodo published Thursday. "We will continue to monitor this issue."

Fitbit said in the statement that tech security company Fortinet first contacted the company in March "to report a low-severity issue unrelated to malicious software." 

"Since that time we've maintained an open channel of communication with Fortinet," Fitbit said in the statement to Gizmodo. "We have not seen any data to indicate that it is currently possible to use a tracker to distribute malware."

The rumors about a Fitbit hack stem from a report Fortinet sent Fitbit in March claiming the company's wearable technology could be used to hack into users' computers, potentially stealing personal information and data, according to Gizmodo.

"An attacker sends an infected packet to a fitness tracker nearby at Bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near," Fortinet researcher Axelle Apvrille told Vulture South, according to the Register. "[When] the victim wishes to synchronize his or her fitness data with Fitbit servers to update their profile ... the fitness tracker responds to the query, but in addition to the standard message, the response is tainted with the infected code."

However, Apvrille reversed her statements surrounding the potential hack on Twitter Wednesday, saying the hack isn't as simple as outlets have been making it seem — and may not even be possible at all:

According to Apvrille, a data breach or hack on wearable technology would require a hacker to have the gear in their possession. So, at least for now, incorporating technology into a daily workout shouldn't incite any fear of identity theft or any other data breaches.