Wearables are like cyber-terrorist candy . They correspond a new family of technology that ’s subject of put in data point — including malware — that people do n’t expect to get pwned . Butthat ’s exactly what just happened : Hackers calculate out how to remotely upload malware to a Fitbit . It only takes ten moment .
hack on . Lu conference in Luxembourg tomorrow , said hackerswill demonstrate a methodfor wirelessly loading malware ontoa Fitbit Flex fittingness tracker . The Register account that this is “ the first time malware has been viably fork up to fitness tracker . ” Fortinet research worker Axelle Apvrille helped come up with the exploit and explains it it horrifying price :
An assailant sends an septic packet to a fitness tracker nearby at Bluetooth distance then the rest of the approach occurs by itself , without any special need for the assailant being cheeseparing .
[ When ] the victim wishes to synchronize his or her fittingness data with FitBit server to update their profile … the fittingness tracker responds to the question , but in addition to the stock message , the reply is tainted with the septic codification .
It does n’t vocalize like a big deal for a physical fitness tracker to be tainted with code . That is , until you call back that multitude plug away these thing into their computers . Apvrille continues :
From there , it can deliver a specific malicious payload on the laptop , that is , lead off a back door , or have the machine crash [ and ] can circulate the infection to other trackers [ Fitbits ] .
When you think about it , the little accessary are the stark delivery organization for malware . Unlike a USB marijuana cigarette , people plausibly do n’t require their fitness trackers to be a target for hackers .
The really frustrating thing about this exploit is the fact that Fitbit ’s known about the vulnerability since March when the Fortinet research worker get hold of them , but the caller still has n’t fixed it . Now that details are out in the open air , let ’s trust Fitbit ups its security game . In the meantime , mayhap just leave that gadget at home .
Update ( 2025-03-17 ): FitBit sent us the follow affirmation regarding the hack :
As the mart loss leader in attached health and fitness , Fitbit is focused on protecting consumer secrecy and keeping data safe . We believe that security way out reported today are delusive , and that Fitbit devices ca n’t be used to infect user with malware . We will continue to monitor this effect .
Fortinet first contacted us in March to cover a downhearted - severity issue unrelated to malicious package . Since that metre we ’ve observe an open channel of communicating with Fortinet . We have not see any data to indicate that it is presently possible to use a tracker to distribute malware .
We have a history of working close with the surety research biotic community and always welcome their thought and feedback . The reliance of our client is preponderating . We cautiously design security measuring rod for new Cartesian product , monitor for new threat , and rapidly respond to identified yield . We boost mortal to cover any certificate fear with Fitbit ’s products or on-line inspection and repair to[email protected ] . More information about reporting security publication can be receive online athttps://www.fitbit.com/security/.
[ The Register ]
get in touch with the generator at[email protected].Public PGP keyPGP fingermark : 91CF B387 7B38 148C DDD6 38D2 6CBC 1E46 1DBF 22A8
FitbitHackersHackingSecurity
Daily Newsletter
Get the beneficial technical school , skill , and culture news in your inbox daily .
News from the hereafter , delivered to your present .
You May Also Like
