Your Fitbit and other Bluetooth gadgets could be giving away your location data. Researchers from Boston University (BU) detected a vulnerability in several high-profile Bluetooth devices that could allow third-parties to determine your location and other sensitive information. In the wrong hands, that information could be used for stalking or abuse. That's especially concerning given that basically everyone is carrying around a Bluetooth device.
12-04-2019 15:14

SunsetRunner
I've been trying to decide between an Apple Watch and a Fitbit, maybe the Versa, and it's been really tough to try and pick one. I have an iPhone, but I'm still trying to do some research and I came across this article. It says that Fitbit is monitoring the situation. Have there been any updates? I like the Versa, but if it's still easily exploited I'm not sure it would be the best. Please help!
https://www.engadget.com/2019/07/17/bluetooth-vulnerability-location-tracking-boston-university/

12-04-2019 19:18
Hi @SunsetRunner. When I clicked on your link, this came up:
It's funny to me because in order to see your link, Engadget wants to know things about me. Can't say it's much different, is it?

12-04-2019 19:42

SunsetRunner
Everybody wants to know something lol. I don't remember seeing that message, but I'm going to go back and check. For personal reasons I have to use a VPN service when online.
I pasted the article in here. It was written by Christine Fisher and is available on https://www.engadget.com/2019/07/17/bluetooth-vulnerability-location-tracking-boston-university/ (I'm not trying to take credit for her work--posted so maybe you didn't have to accept the terms)
The vulnerability has to do with the way Bluetooth-enabled devices pair with each other. In that relationship, one device serves as the central connection and the other plays a peripheral role. The peripheral device sends out a signal that contains a unique address -- similar to an IP address -- and data about the connection. Most devices produce a randomized address which automatically reconfigures periodically. That's meant to protect users' privacy, but the BU researchers found that, using an open-source "sniffer" algorithm, they could identify Bluetooth connections even when their addresses changed.
While the vulnerability doesn't leak personal data, it could be used to track Bluetooth devices and their users. Android might get a pass here. The researchers say Android devices don't appear to be vulnerable, but Windows 10 and iOS devices can be tracked. Fitbit users have it the worst. According to the researchers, Fitbits don't automatically update or randomize their addresses, making them even easier to track.
A Fitbit spokesperson provided the following statement to Engadget: "As the leader in connected health and fitness category, Fitbit is committed to protecting consumer privacy and keeping data safe. The trust of our customers is paramount and we carefully design security measures for new products, continuously monitor for new threats, and rapidly respond to identified issues."
The company also said that Fitbit devices aren't able to share personally identifiable information for any users, and the company believes it would be extremely difficult to actually stalk someone using this method. "Bluetooth Low Energy (BLE) technology is widespread and allows all types of devices to connect easily without draining battery power. It's important to note that this technology can only be used to confirm that an active tracker is nearby. No personally identifiable information is shared or accessible. It's highly unlikely that someone could stumble across a particular device, know who it belongs to, and track the device's movement," the company's statement says. Finally, Fitbit is keeping an eye on the situation and monitoring for any security breaches: "We are not aware of any consumer reports, inquiries or security incidents related to this issue and will continue to monitor it carefully," Fitbit's spokesperson said.
As a silver lining, thwarting this security gap can be as simple as turning off your Bluetooth connection and then turning it on again -- at least for Windows 10 and iOS devices. And don't get ready to ditch your Bluetooth gadgets just yet. As BU researcher Johannes Becker points out, "There are tons of ways to track people, with or without Bluetooth." But it's important to be aware of the signals you're sending out and who might have access to your sensitive information.
Update, 7/18/19, 1:45PM ET: This story has been updated with a statement from Fitbit.
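An added example, not part of this thread or the Engadget article: a small audit of address rotation, the behaviour the article says Fitbit trackers lack. It assumes you have logged `(seconds, address)` pairs for one device of your own whose advertisements are flagged as using a random address; the sample captures, the function names and the 900-second threshold are constructed for illustration.

```python
from collections import OrderedDict

# Sub-types of a BLE *random* device address, selected by the two most
# significant bits of the 48-bit address (first octet as usually written).
KINDS = {0b11: "static", 0b01: "resolvable_private",
         0b00: "non_resolvable_private", 0b10: "reserved"}


def classify_random_address(addr):
    """Classify an address already known to be 'random' (not public)."""
    octets = addr.split(":")
    if len(octets) != 6:
        raise ValueError("expected six colon-separated octets: %r" % addr)
    return KINDS[int(octets[0], 16) >> 6]


def audit_rotation(observations, max_hold_s=900):
    """observations: (seconds, address) pairs for ONE device under test.

    Returns how many distinct addresses were seen, their kinds, the longest
    time a single address stayed in use, and whether the device can be
    followed by address alone. max_hold_s is an assumed policy threshold.
    """
    first_last = OrderedDict()
    for ts, addr in sorted(observations):
        addr = addr.upper()
        start, _ = first_last.get(addr, (ts, ts))
        first_last[addr] = (start, ts)
    longest = max(end - start for start, end in first_last.values())
    kinds = sorted({classify_random_address(a) for a in first_last})
    return {
        "distinct_addresses": len(first_last),
        "kinds": kinds,
        "longest_hold_s": longest,
        "linkable_by_address": "static" in kinds or longest > max_hold_s,
    }


# Constructed sample captures (not real devices), one sighting per 5 minutes.
ROTATING = [(0, "5A:10:22:33:44:55"), (300, "5A:10:22:33:44:55"),
            (600, "5A:10:22:33:44:55"), (900, "71:AB:00:01:02:03"),
            (1200, "71:AB:00:01:02:03"), (1500, "4C:EE:09:08:07:06")]
FIXED = [(t, "E3:9C:11:22:33:44") for t in range(0, 3600, 300)]

if __name__ == "__main__":
    print(audit_rotation(ROTATING))
    print(audit_rotation(FIXED))
```

A device that passes this check has only cleared the address part: the article says the researchers could still identify connections after the address changed, which this audit does not measure.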

12-05-2019 22:58

SunsetRunner
Well, I ended up getting a response from Fitbit and I included it below just in case anyone was looking. It kind of looks like they just copied and pasted info provided from the link to the article. I also gathered they didn't fix the issue and are just waiting to see what happens.
I typically run alone (or with my dog) and I'm happy about the idea of someone using that "sniffer" to track me or to be alerted when I'm nearby!
I'm not quite sure Fitbit is the place for me... I hope everyone stays safe out there!
-----------------
We appreciate your patience with us regarding your questions.
We've gotten a response from our higher level of support and we would like to thank you for your feedback and let you know that Fitbit is aware of your concern.
Fitbit does take our customer’s personal data seriously and is always working towards consumer privacy and keeping their data safe. The trust of our customers is paramount, and we carefully design security measures for new products, continuously monitor for new threats, and rapidly respond to identified issues.
While the article you reference does speak for randomizing location data, we are not aware of any consumer reports, inquiries or security incidents related to this issue and will continue to monitor it carefully.
We hope this helps answer your questions. We would love to have you in our Fitbit family.
Sincerely,
Bernadette C and the Fitbit Team

