Are Fitbits Safe
Fit with Fitbit! But also safe? - Fitbit Charge HR
As part of our large fitness tracker test, we put a selection of popular candidates from this product area under the microscope and examined how well they are doing in terms of security and data protection. The first representative that we use for the test is the popular Charge HR from Fitbit. The following test report aims to clarify how securely customer data is protected against attackers and possible data protection problems at one of the best-known manufacturers in this area.
With the mobile application (tested version 2.63), Fitbit, as usual, shows no significant weaknesses: The source code is neatly obfuscated, which makes reverse engineering much more difficult for less experienced attackers. No sensitive information such as passwords, certificates or the like is embedded in the code, and the certificate validation that secures communication between the app and the cloud also seems to be properly implemented. In addition, we could not find any unsecured storage of sensitive data on the smartphone. Authentication data, for example, is kept in the secure storage area, so a theoretical risk on rooted devices cannot be ruled out, but we can hardly count this as a weak point. The application also does not output a particularly large amount of information, or information that is potentially usable by an attacker, through other channels such as the Android logcat, so there is nothing to criticize here either.
As usual, direct communication between the tracker and smartphone is implemented via Bluetooth Low Energy. Adequate user authentication is particularly important in this area, as is encryption as a further security layer for the transmitted data. In this way, it can be practically ensured that recorded user data is neither read nor manipulated on this transmission path. The Fitbit Charge HR is particularly exemplary in this regard: Clean authentication ensures that a potential attacker cannot establish a radio connection with the device and thus request sensitive data. And even if the communication were intercepted anyway (which is of course always possible with a radio link), the transmitted data is also securely encrypted and thus adequately protected in the majority of possible attack scenarios. In the test, we did not notice any noteworthy weaknesses in this regard.
In the area of online communication, Fitbit shows no real weaknesses and further confirms the solid impression. In the test, we could not find any obvious weaknesses in this area either: all outgoing and incoming connections, including registration, login and synchronization, were exclusively encrypted with current standards. Even our standard tests for the possibility of man-in-the-middle attacks did not provide any indications of possible vulnerabilities at this point. Good work!
After we pointed out some serious weaknesses (among other things with regard to missing authentication and encryption) to Fitbit in our very first test in 2015 and provided advice and practical help in eliminating the problems, the security level had already risen to a very good standard. Nothing has changed for the worse up to this test: The concept is still sound, the most important security aspects are adequately covered, and Fitbit gives no cause for criticism in terms of data protection. No real weaknesses, therefore the full 3 stars!