
Fitbit Flex connected bracelets are not safe, says Axelle Apvrille, a French researcher specializing in security. According to her, they are affected by a flaw serious enough that they can be hacked in about ten seconds.
If someone sits down next to you and starts typing on a laptop, be wary of their intentions: they may well be trying to hack your connected bracelet. Axelle Apvrille explains that it is possible to connect to the Fitbit Flex over Bluetooth without pairing. This is how malware can be injected into the bracelet.
The attacker then has to wait until the user synchronizes the bracelet with Fitbit's servers via a computer, at which point the malicious code is transferred to that machine, like a Trojan horse. "When the victim wishes to synchronize their fitness data with the Fitbit server to update their profile, the fitness tracker responds to the request, but in addition to the standard message, the reply is accompanied by malicious code," says the young woman, an employee of Fortinet.
During her experiments, she managed to change the data sent by the Fitbit Flex to the servers, boosting the goals and unlocking the associated rewards faster. Axelle Apvrille is presenting the results of her research at the Hack.lu conference, currently taking place in Luxembourg, but they do not seem to worry Fitbit.
For Fitbit, it is all false
Warned in March of the existence of this flaw, the manufacturer said in a statement that it "focuses on protecting the privacy of its customers." But it believes that "the security problems mentioned today are false and that Fitbit products cannot be used to infect users with malware."
Since last March, "we have not seen data indicating that it is currently possible to use a tracker to distribute malware." That view has not stopped it from maintaining communication with Fortinet to observe the evolution of the situation.