Fitbit trackers have a whopper of a vulnerability that can let somebody within Bluetooth range quickly hack them, according to security company Fortinet . Worse yet, once the attackers are in, the device will infect any computer that tries to sync with the device. Via Twitter , Senior Fortinet researcher Axelle Apvrille told Engadget “you don’t need physical access (to the tracker), but you do need to be close (Bluetooth range). It does not matter if it is paired (to another device) or not.” When in range, a bad actor could infect the device in as little as 10 seconds. Apvrille informed Fitbit of the vulnerability back in March, but the wearable outfit has yet to fix the issue, according to the Register . In addition, the vulnerability remains in the wearable even after it’s reset. Once infected, the device can install a virus, trojan or other vulnerability on your computer, even days later. “An attacker sends an infected packet to a fitness tracker nearby at Bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near, ” Apvrille said . While the Fitbit uses encryption, the Bluetooth transmitter itself is apparently wide open, allowing attackers in. If you want to find out more, Apvrille will present her findings via a video demonstration at the 2015.Hack.lu conference tomorrow in Luxembourg. @AaronIsSocial you don’t need physical access, but you need to be close (bluetooth range). It does not matter if it is paired or not. — Axelle Ap. (@cryptax) October 21, 2015 Via: The Register Source: Axelle Apvrille (Twitter)
