FitBit Fitness Tracker Can Be Hacked In 10 Seconds

Security researcher Axelle Apvrille demonstrated the vulnerabilities of the popular health tracker at the Hacktivity Conference in Budapest.

Apvrille, who works for Fortinet, showed how FitBit could theoretically be infected with malware that could then be transferred to the user’s computer. The security flaw exploits weaknesses in the device’s open Bluetooth connection, writes Amanda Schupak for CBS News.

Security researcher shows FitBit flaws

First, Apvrille manipulated data by reverse engineering the FitBit protocol. She then demonstrated how to send malware to the wearable via Bluetooth, from where it would be transferred to the user’s computer during the next sync.

The payload was just 17 bytes, but more than enough to infect the FitBit with a Trojan or other small pieces of malware. Apvrille took to Twitter to underline the fact that infection is purely theoretical at this stage: “Note however the scenario where a small virus propagates is – I believe – possible but not yet demoed,” she wrote.

“She showed that the FitBit firmware has vulnerabilities that allowed her to plant arbitrary bytes into the FitBit, those bytes then being, ‘reflected’ to a computer talking to a Fitbit,” Guillaume Lovet, a senior manager at FortiGuard, part of Fortinet, told CBS News.

“She did not go as far as making a malicious payload with those bytes, that would exploit the computer (and plant some malware in it), but it is theoretically possible to do that,” he explained.

FitBit reassures customers over safety of device

Perhaps the most interesting part of the demonstration is that it showed how infection could theoretically occur in just 10 seconds, without any physical contact. As a result, a hacker need only be within a short distance for 10 seconds in order to infect your FitBit.

Apvrille told FitBit about the flaw in March and demonstrated her work once again at the event in Luxembourg this Wednesday.

“On Wednesday, October 21, 2015, reports began circulating in the media based on claims from security vendor Fortinet that Fitbit devices could be used to distribute malware. These reports are false. In fact, the Fortinet researcher, Axelle Apvrille, who originally made these claims has confirmed to Fitbit that this was only a theoretical scenario and is not possible. Fitbit trackers cannot be used to infect users’ devices with malware. We want to reassure our users that it remains safe to use their Fitbit devices and no action is required,” a Fitbit spokesperson told CBS News.

The company added: “we’ve maintained an open channel of communication with Fortinet. We have not seen any data to indicate that it is possible to use a tracker to distribute malware.”

While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala.