The Daily Parker

Politics, Weather, Photography, and the Dog

FitBit attack vector?

Via Schneier, a report that FitBit trackers could, in theory, spread malware to users' computers:

The athletic-achievement-accumulating wearables are wide open on their Bluetooth ports, according to research by Fortinet. The attack is quick, and can spread to other computers to which an infected FitBit connects.

Attacks over Bluetooth require an attacker hacker to be within metres of a target device. This malware can be delivered 10 seconds after devices connect, making even fleeting proximity a problem. Testing the success of the hack takes about a minute, although it is unnecessary for the compromise.

"Fortinet first contacted us in March to report a low-severity issue unrelated to malicious software. Since that time we’ve maintained an open channel of communication with Fortinet. We have not seen any data to indicate that it is currently possible to use a tracker to distribute malware," [FitBit said].

The researcher has made it clear that this is a proof-of-concept attack, and not one that exists in the wild.

Comments are closed