Are Fitbits Safe

Fit with Fitbit! But also safe? - Fitbit Charge HR

As part of our large fitness tracker test, we put a selection of popular candidates from this product area under the microscope and examined how well they are doing in terms of security and data protection. The first representative that we use for the test is the popular Charge HR from Fitbit. The following test report aims to clarify how securely customer data is protected against attackers and possible data protection problems at one of the best-known manufacturers in this area.

 

Application security

With the mobile application (tested version 2.63), Fitbit, as usual, does not allow itself any significant weaknesses: The source code is neatly obfuscated, which makes reverse engineering much more difficult for less experienced attackers. No sensitive information such as passwords, certificates or the like are embedded in the code and the certificate validation for securing communication between the app and the cloud also seems to be properly implemented. In addition, we could not find any unsecured storage of any sensitive data on the smartphone - there is, for example, data for authentication to be found in the secure storage area, so that a theoretical risk on rooted devices cannot be ruled out, but we can only assess this as a weak point with great difficulty . The application does not output any other channels, such as the Android logcat, particularly a lot of information or information that is potentially usable for an attacker, so that no criticism has to be made here either.

 

Local communication

As usual, direct communication between the tracker and smartphone is implemented via Bluetooth Low Energy. Particularly important in this area is adequate user authentication and encryption as a further security layer for the transmitted data. In this way, it can be practically ensured that recorded user data is neither read nor manipulated on this transmission path. The Fitbit Charge HR is particularly exemplary in this regard: A clean authentication ensures that a potential attacker cannot establish a radio connection with the device and thus request sensitive data. But even if the communication were tapped anyway (which is of course always possible with a radio link), the data transmitted is also securely encrypted and thus practically adequately protected in the majority of possible attack scenarios. In the test, we did not notice any noteworthy weaknesses in this regard.

 

Online communication

In the area of ​​online communication, Fitbit does not allow itself any real weaknesses and further confirms the solid impression. In the test, we could not find any obvious weaknesses in this area either - all outgoing and incoming connections, including registration, login and synchronization, were exclusively encrypted with current standards. Even our standard tests for the possibility of man-in-the-middle attacks did not provide any indications of possible vulnerabilities at this point. Good work!

 

privacy

Fitbit's privacy policy is well structured and explains in an easy-to-understand manner which data Fitbit records and what happens to the recorded data. Personal data will not be shared with third parties. However, data that cannot be used to identify the user can be shared with third parties for statistical purposes, for example. Data is also processed in the USA, but based on the EU-US Privacy Shield and thus also on a high level of data protection.

 

judgment

After we pointed out some serious weaknesses (among other things with regard to missing authentication and encryption) to Fitbit in our very first test in 2015 and provided advice and practical help in eliminating the problems, the security level was already at a very good level upscale. Nothing has changed in a negative direction up to this test: The concept is still correct, the most important security aspects are adequately covered and Fitbit does not have to expose itself to any criticism in terms of data protection. No real weaknesses, therefore full 3 stars!