Here’s How Your Fitbit Could be Hacked in Just 10 Seconds


hacking-fitbitShort Bytes: With the ever advancing fast-paced technology, we are now more open to the more intimate devices like wearables. They are connected to our body and continuously record our movements, giving us the regular feedback. This demands more focus on the security of wearables and this article telling about a proof-of-concept 10 second Fitbit hack asks the same question.

IoT devices and your new-age wearables are the gizmos that could be referred to as a hacker’s dream target. Attacking these devices gives them direct control over your body and daily life, and harm you.

Along the similar lines, a security researcher has revealed a 10 second Fitbit hack that can allow a hacker to hack your fitness tracker in the blink of an eye. It should be noted that Fitbit fitness tracker is the most popular wearable out there and it sold 11 million devices just in 2014.

During a privacy-focused event Hack.Lu 2015 in Luxembourg, security researcher Axelle Apvrille demonstrated the 10 second Fitbit hack. He said that these wearables are wide open on their Bluetooth ports and the attack is quick to perform.

He was able to manipulate the data stored on a tracker and used Fitbit to spread malicious code (in the form of Fitbit data) to a computer. Apvrille was able to infect the Fitbit Flex tracker in 10 seconds from just 15 feet away. If some hacker tries to exploit the vulnerability, he/she can target the computers in gadget’s Bluetooth range.

When a Fitbit connects to a device by data syncing, some malicious software could be used to slip a Trojan on a computer, or used to open a backdoor. “An attacker sends an infected packet to a fitness tracker nearby at Bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near,” Apvrille says.

Also read: How a Codeless Hack Won $5000 at Facebook Hackathon Without a Single Line of Code

For now, this 10 second Fitbit hack is just a proof-of-concept that shows it’s not hard to inject code into wearables.

However, Fitbit has denied such allegations and pointed out that it’s devices can not be used to serve malware. “We believe that security issues reported today are false, and that Fitbit devices can’t be used to infect users with malware. We will continue to monitor this issue,” Fitbit said in a statement about this 10 second Fitbit hack.

What are your views regarding the 10 second Fitbit hack? Tell us in the comments below.

Adarsh Verma

Adarsh Verma

Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]
More From Fossbytes

Latest On Fossbytes

Find your dream job