Experts Warn It Just Takes 10 Seconds To Hack Fitbit Fitness Trackers: Here's Fitbit's Response

Posted on
Fortiner Senior Security Researcher Demonstrates Fitbit Hack At Hacktivity 2015

A senior safety researcher just lately made waves with claims of a 10-second Fitbit tracker hack, demonstrating a proof-of-idea that code could be injected into wearables. Fitbit has now responded to those allegations, reiterating its dedication to retaining knowledge protected and defending shopper privateness.
(Photograph : Framadrive)

Wearables could also be a hacker's dream and Fitbit trackers might be the jackpot, based on safety researchers who revealed a 10-second hack, however Fitbit disputes such claims.

As wearable units are more and more gaining momentum, individuals retailer extra knowledge on their smartwatches, health trackers and different such devices. Every time there's knowledge saved, there are additionally hackers lurking within the shadows and wearables are a new class able to carrying malware.

Fortinet safety researcher Axelle Apvrille lately detailed how a Fitbit tracker is weak to hacking by means of its Bluetooth radio, presenting the safety breach on the Hack.Lu 2015 convention.

Aprville managed not solely to control knowledge saved on the tracker, such because the logged health knowledge, however took the hack to the subsequent degree and used the Fitbit to distribute code to a pc. If a malicious hacker exploited that vulnerability, that code transmitted to a pc might very nicely be malware.

Aprville was capable of infect the Fitbit Flex tracker in simply 10 seconds from as a lot as 15 ft away, given the gadget's Bluetooth vary. Malicious software might pack some code designed to slide a Trojan on a pc, or open a backdoor, when the Fitbit connects to the device for knowledge synchronization.

The safety researcher revealed some slides to point out a couple of hacks, after demonstrating the extra extreme vulnerability at Hack.Lu.

However, this doesn't suggest that simply anybody might hack a Fitbit tracker to control the info saved on it or to push malicious code to a pc. Vulnerabilities reported by safety researchers don't imply such assaults truly happen within the wild, and Apvrille tried to make clear this in a collection of tweets following the presentation.

"To full the state of affairs you'd have to execute the malicious code on the sufferer's host. That is but to do (requires an exploit?)" explains one of many tweets.

In different phrases, this vulnerability might result in malicious code being pushed to computer systems, however this isn't the case simply but. For now, it is only a proof-of-idea that it isn't that onerous to inject code into wearables. It stays unclear for now whether or not the Flex is the one Fitbit tracker affected by this 10-second hack.

Fitbit, for its half, denied such allegations and argues its units can't function automobiles for infecting customers with malware.

"Because the market chief in related well being and health, Fitbit is concentrated on defending shopper privateness and protecting knowledge protected. We consider that safety points reported at the moment are false, and that Fitbit units cannot be used to contaminate customers with malware. We'll proceed to watch this situation," Fitbit stated in a press release to Engadget.

© 2015 Tech Occasions, All rights reserved. Don't reproduce with out permission.

Source : Techtimes