Security News > 2020 > October > Fitbit Spyware Steals Personal Data via Watch Face

Fitbit Spyware Steals Personal Data via Watch Face
2020-10-09 18:58

Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit devices are loaded with sensitive personal data.

Breen's efforts resulted in a malicious watch face, which he was then able to make available through the Fitbit Gallery.

"The trust of our customers is paramount, and we are committed to protecting consumer privacy and keeping data safe," Fitbit told Threatpost, in a statement.

As for the ease of uploading the malicious app to the gallery, "We we were advised that apps submitted to the Fitbit Gallery for public download undergo manual review and that obvious spyware or applications masquerading as something else are likely to be caught and blocked from being published."

"We encourage consumers to only install applications from sources they know and trust and to be mindful of what data they're sharing with third parties," Fitbit concluded.


News URL

https://threatpost.com/fitbit-personal-data-watch-face/160003/