Interesting
Wonder if this hack could be used to make lost Fitbits turn on their BLE in continuous, i.e. beacon, mode so you can find lost units?
Not that it would help now as the battery probably went flat about a week ago.
A vulnerability in FitBit fitness trackers first reported to the vendor in March could still be exploited by the person you sit next to on a park bench while catching your breath. The athletic-achievement-accumulating wearables are wide open on their Bluetooth ports, according to research by Fortinet. The attack is quick, and …
How do they make you get out of the way? You have a right to 'around' half the path, just as a car on a road without a marked centerline. To be polite you should move over to the edge of the path but you should not feel as though you need to move off it. It is on them to adjust and move their group to the side enough to pass, or single file. They can't force you to move, your problem is that you're not asserting your equal rights to the path.
It sounds like your dislike of joggers is a projection of your subconscious recognition of your own weakness in not asserting yourself. They aren't making you move, you are letting them.
It sounds like your dislike of joggers is a projection of your subconscious recognition of your own weakness in not asserting yourself.
Wow.
I am sure that after you pick yourself up off the floor, you would be completely in your rights to argue with the three joggers about who had right of way etc. However, most humans will step out of the way.
One question: is that point when sales have hit the floor because nobody trusts the product any more, or some time before that?
The ability to mod the numbers or something is amusing (for us anyway, for companies paying out based on false numbers, not so much), this is not a critical piece of equipment after all. But the ability to root a computer with it is not amusing at all. Technically, even people that don't have a FitBit could be at risk. That is not good.
You owe me a new keyboard @Smooth Newt.
Preferably waterproof this time, attached to a Toughbook would be nice.
I wonder what other useful data could be extracted from these things? Had a thought about using them to track suspicious BTLE devices such as rogue access points sharing the same spectrum, also for locating missing persons.
Little factoid: the battery on Fitbits, though rated for 8 days max, will actually last as long as 19 days if the owner does not use it or is immobile.
At 16 KPH, they might have been my steps once upon a time, but they sure aren't now.
But here is an idea for the next disruptive app: tie in your FitBit results to the Instagram pictures you are posting of all your meals (aren't you?), and evaluate the probability that you are faking in your Facebook photos. Note to VCs wishing to contact me: I'll wear cargo pants tomorrow to accommodate the cash you wish to stuff in my pockets.
What I don’t understand is the company’s lack of response to earlier vulnerability reports in early 2014 and 2013 by researchers at two different universities and/or the company's lack of internal controls to capably discover and mitigate possible breaches:
From 2014: http://courses.csail.mit.edu/6.857/2014/files/17-cyrbritt-webbhorn-specter-dmiao-hacking-fitbit.pdf
“This report describes an analysis of the Fitbit Flex ecosystem. Our objectives are to describe (1) the data Fitbit collects from its users, (2) the data Fitbit provides to its users, and (3) methods of recovering data not made available to device owners.
Our analysis covers four distinct attack vectors. First, we analyze the security and privacy properties of the Fitbit device itself. Next, we observe the Bluetooth traffic sent between the Fitbit device and a smartphone or personal computer during synchronization. Third, we analyze the security of the Fitbit Android app. Finally, we study the security properties of the network traffic between the Fitbit smartphone or computer application and the Fitbit web service.
We provide evidence that Fitbit unnecessarily obtains information about nearby Flex devices under certain circumstances. We further show that Fitbit does not provide device owners with all of the data collected. In fact, we find evidence of per-minute activity data that is sent to the Fitbit web service but not provided to the owner. We also discovered that MAC addresses on Fitbit devices are never changed, enabling user-correlation attacks. BTLE credentials are also exposed on the network during device pairing over TLS, which might be intercepted by MITM attacks. Finally, we demonstrate that actual user activity data is authenticated and not provided in plaintext on an end-to-end basis from the device to the Fitbit web service.”
From 2013:
https://gigaom.com/2013/04/24/keeping-fitbit-safe-from-hackers-and-cheaters-with-fitlock/
“The fusion of social networks and wearable sensors is becoming increasingly popular, with systems like Fitbit automating the process of reporting and sharing user fitness data. In this paper we show that while compelling, the careless integration of health data into social networks is fraught with privacy and security vulnerabilities. Case in point, by reverse engineering the communication protocol, storage details and operation codes, we identified several vulnerabilities in Fitbit (abstract link in attached article)