The Daily Telegraph reports that Fitbit smart bands are vulnerable to hackers, with researchers having uncovered a way to steal personal details from wearers.
A team at the University of Edinburgh found that it is possible to intercept messages from the Fitbit One and Fitbit Flex bands, accessing personal data as it is sent to Fitbit's servers for analysis. Data intercepted in this way can be stolen or changed.
The most concerning aspect of this method is that Fitbit's end-to-end encryption - which scrambles information so that it can only be deciphered at its destination - provides no protection against the hack. Both the Fitbit One and Fitbit Flex were modified to bypass encryption and access stored information.
Fitbit says that it has updated its software to fix the security issue.
Dr Paul Patras of the University said, "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology." He praised Fitbit's fast response to the problem.
In a statement, Fitbit said, "We are always looking for ways to strengthen the security of our devices, and in the upcoming days will start rolling out updates that improve device security, including ensuring encrypted communications for trackers launched prior to Surge [summer 2016]. The trust of our customers is paramount and we carefully design security measures for new products, continuously monitor for new threats, and diligently respond to identified issues."
This is not the first time that Fitbit has been highlighted as a potential hacking target. Researchers from cyber security firm Fortinet exposed a vulnerability in the company's products in 2015 - although Fitbit rubbished the claims at the time.
BMC Software's Paul Cant, VP EMEA, told V3:
"The rise in popularity of wearable devices has made them an obvious target for hackers to capture personal and sensitive information. It is therefore essential that organisations have a durable cyber security strategy in place to ensure they are effectively equipped to deal with the ever-growing and evolving digital threats.
"In order to mitigate the security risks of vulnerabilities - like those that have been discovered in Fitbit devices - SecOps teams need to quickly identify the flaws, prioritise them against other threats and fix them, thus safeguarding customer and personal data from any future cyber insurgency."