I’m a little surprised that this hack took so long to find…
Turns out that some Bluetooth activity monitors are wide open, making it pretty trivial to inject some code into them.
Here’s the clever bit. The next time your tracker syncs with your computer (to upload your steps taken or activity performed), it will also upload that extra bit of code. From there, well… all your base are belong to us.
If you are interested in such exploits, you can read a bit more about it on the web in a few places.
One I pulled almost at random:
http://www.engadget.com/2015/10/21/fitbit-tracker-bluetooth-vulnerability/
Fitbit trackers have a whopper of a vulnerability that can let somebody within Bluetooth range quickly hack them, according to security company Fortinet. Worse yet, once the attackers are in, the device will infect any computer that tries to sync with the device.
The really, really interesting bit is that you do not need physical contact with the device; you can do this over the air.
So, if you build yourself a nice high-gain Bluetooth antenna, say using a Pringles can… http://www.seeedstudio.com/recipe/177-pringles-can-antenna-with-a-linkit-one.html (works with Bluetooth just as well as Wi-Fi)… you could do this code injection into someone’s fitness tracker from so far away that they would never know you are even there…
My point is, I find it interesting to see just how on the edge our tech is.
(Is there an echo in this blog?)