Bad news! A Fitbit can be hacked in a way that could allow attackers to infect any PC connected to it.
What's more surprising?
Hacking a Fitbit takes no more than 10 seconds.
Axelle Apvrille, a researcher at the security company Fortinet, demonstrated "How to hack a Fitbit in only 10 seconds," at the Hack.lu conference in Luxembourg.
Apvrille's test was a proof of concept (PoC) that did not actually focus on executing a malicious payload; rather, it was a logical attack.
By using only Bluetooth, Apvrille was able to modify data on steps and distance. However, she said it is possible to infect the device in an attempt to spread malware to synced devices.
The Fitbit Flex tracker is a flexible wristband that measures health statistics, such as blood pressure and heart rate.
The Flex is a product of Fitbit, and its salient features are:
- It can wake you up with a silent vibration alarm.
- The device is water-repellent.
- The sensor can be removed (and used with other Flex wristbands).
- It is synchronized via USB and can be used via the Fitbit app.
- It does wireless syncing via Bluetooth.
- It has an OLED display.
THE HACK
The hack, which was reported to Fitbit in March, makes use of the open Bluetooth connection of a Fitbit wearable.
According to the researcher, an attacker within Bluetooth range can send malware to a nearby wearable fitness tracker, which would then be transferred to any PC the Fitbit came into contact with.
Once the tracker is infected, whenever the victim syncs his or her fitness data with Fitbit servers, the wearable tracker responds to the query, "but in addition to the standard message, the response is tainted with the infected code," Apvrille told the Reg.
"From there, [the fitness tracker] can deliver a specific malicious payload on the [PC], that is, start a backdoor, or have the [system] crash [and] can propagate the infection to other trackers," Apvrille added.