This is impressive:
"An attacker sends an infected packet to a fitness tracker nearby at bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near," Apvrille says.
"[When] the victim wishes to synchronise his or her fitness data with FitBit servers to update their profile ... the fitness tracker responds to the query, but in addition to the standard message, the response is tainted with the infected code.
"From there, it can deliver a specific malicious payload on the laptop, that is, start a backdoor, or have the machine crash [and] can propagate the infection to other trackers (Fitbits)."
That's attacker to Fitbit to computer.
Posted on October 22, 2015 at 1:20 PM • 21 Comments