By TNT Bureau
Mar 10, 2016: Axelle Apvrille, a Fortinet security researcher, said at the Hack.lu conference in Luxembourg that hackers can supposedly turn Fitbit health bands into PC-infecting malware carriers.
The shocking statement
Apvrille revealed how it is possible to get into the Bluetooth connection of any Fitbit health band and, within only 10 seconds, contaminate it with a malicious packet that might afterward be used to contaminate your computer.
Derek Manky, global security strategist for Fortinet, noted that because Bluetooth has a range of around 30 feet, a hacker would need to be close to the Fitbit device to send the harmful packet to it.
He further said that the Fitbit would then receive the data packet and store it, and later, when the user connects the tracker to a computer, that stored data would be sent to the computer.
He also acknowledged that this was merely a proof of concept. To make this a real-world problem, somebody would have to write an exploit against the computer itself, which is a difficult task.
Another obstacle to turning the theoretical attack into an actual one is the size of the packet concerned. Manky said that they are dealing with a maximum of 17 bytes here, making it all the more difficult to carry out a real-world attack.
Fitbit, for its part, said that the reported security issues were false and that Fitbit health devices could not be used to infect users with malware, according to other reports.
Fitbit carefully designs security measures for new devices, monitors the landscape for new threats and quickly responds to all types of problems.
Lee Ratliff, chief analyst for low power wireless at IHS Technology, said that to some degree the researcher is making a ‘mountain out of a molehill’.
Negligible impact in sales
Any attack attempt would likely be unsuccessful because the majority of people don’t use their health bands with their computers, Ratliff pointed out.
Ratliff further said that he connects his fitness device to his smartphone and is more than sure that the majority of people do the same. So if the exploit has no effect on a smartphone, that definitely reduces its overall impact.
Furthermore, there has been no provable damage from the hack. It’s a hypothetical thing at the moment, he added.
However, Fortinet said that none of this means that makers of health bands should ignore the security issues completely.
Coming forward with precision
Numerous manufacturers produce electronic items and very few actually have security experts, Ratliff pointed out. In the majority of cases, it is general engineering staff who try to put together a security solution for their products.
Security doesn’t show up on the radar of the majority of device manufacturers until late in the development cycle. Many times, security is left as an afterthought in numerous IoT devices. The focus is on maximizing battery life while reducing overall cost.