In response to Fitbit’s statement, a Fortinet spokesperson told NBC News that “our security threat researcher demonstrated to Fitbit a vulnerability that enabled her to inoculate a Fitbit device with arbitrary code that could be sent to computers that the device connects to over a Bluetooth connection”.
Axelle Aprville, a researcher at the security company Fortinet, showed in a presentation that using Bluetooth, she could manipulate data on steps and distance and, theoretically, infect it and spread malware to synced devices.
While the Fitbit device itself can be easily accessed from a Bluetooth device, the USB dongle that is used by the bracelet to communicate with a PC (and then to the Fitbit servers) seems to use encrypted transmissions when communicating with the Internet. In 2011, blogger Andy Baio tweeted that Fitbit fitness band users’ sexual activity was showing up in Google search results by accident, revealing whether they had engaged in “vigorous” or “passive and light” efforts. Once the hacker gains entry on the users’ computer he could wreak havoc and all personal information could be extracted remotely. For the full article click here
from hacker samurai http://ift.tt/1kyNHt3
via IFTTT
No comments:
Post a Comment