The infamous mobile exercise and fitness app Fitbit was just given a rather “malicious” upgrade.
Call it an alarming discovery from a security researcher, who found out that hackers and other threat actors can spike the app with malware, powerful enough to phish out personal and other information from its user.
Fitbit advertises their app as fitness trackers capable of monitoring a specific user’s exercise frequency, heart rate, and even calorie intake. The app even has an option for its users to download different watch faces according to their preferences.
Let’s just say that the security researcher, out of sheer goodwill, managed to construct the spyware and laced it into the app, uploaded it to Fitbit’s official website, and ready for download. This malicious action will enable the app to acquire everything about its user’s personal information and even location data in real-time. What’s even crazier is that the upload was placed directly on the developers’ official private domain, thereby automatically making it legitimate. As with all other official domains/websites, the app’s chances of being trusted and downloaded are multiplied tenfold.
The security researcher who made the discovery immediately reached out to Fitbit to report the staged intrusion.
He also highlighted that no user data was exposed or compromised during the event. A representative from Fitbit confirmed the claims and announced that no data was compromised without their knowledge. Be it as it may, Fitbit took the report seriously and immediately applied the necessary changes to their systems to address the concerned loopholes.
In a final word released by Fitbit, they implied that their customers’ trust is their topmost concern and priority. They are committed to ensuring that all users get top-notch service by ensuring their privacy as consumers and their security. All the necessary measures are being implemented in making sure that their data is secure at all times.