The Internet of Things and proliferation of wireless devices is creating opportunities for threat actors to employ new attack strategies. Fortinet’s threat researchers proactively work to discover new vulnerabilities and properly communicate findings so necessary actions can be taken. As in all instances, our researchers follow responsible disclosure policies and in this case, Fitbit was notified of the vulnerability in March. Our security threat researcher demonstrated to Fitbit a vulnerability that enabled her to inoculate a Fitbit device with arbitrary code that could be sent to computers that the device connects to over a Bluetooth connection. To responsibly ensure that these vulnerabilities could not be exploited more broadly by other malicious actors, Fortinet and our researchers refrained from publishing key details about specific Fitbit devices and the methodologies employed to exploit these devices.
For media inquiries, please contact: