Fitbit wearables can be hacked in 10 seconds, allowing the intruder to infect any PC connected to it, The Register reports.
Fitbit make a series of wearable devices that measure health statistics, such as blood pressure and heart rate. All of the information is then passed onto an online hub.
The hack, which Fitbit was made aware of in March, uses the open Bluetooth connection of a Fitbit wearable. Through this, a hacker could dump malware onto the wearable which would then be transferred to any computer the Fitbit came into contact with.
The ease of delivery — the attack can be completed in under 10 seconds — means that hackers can easily gain access to a computer via the Fitbit device, potentially wrecking havoc.
According to researcher Axelle Apvrille “[When] the victim wishes to synchronise his or her fitness data with FitBit servers to update their profile … the fitness tracker responds to the query, but in addition to the standard message, the response is tainted with the infected code.”
Apvrille plans to demo the hack at the Hack.Lu conference in Luxembourg tomorrow.