'10-second' hack jogs Fitbits into malware-spreading mode

Source: The Register

A vulnerability in FitBit fitness trackers first reported to the vendor in March could still be exploited by the person you sit next to on a park bench while catching your breath.

The athletic-achievement-accumulating wearables are wide open on their Bluetooth ports, according to research by Fortinet. The attack is quick, and can spread to other computers to which an infected FitBit connects.

Attacks over Bluetooth require an attacker hacker to be within meters of a target device. This malware can be delivered 10 seconds after devices connect, making even fleeting proximity a problem. Testing the success of the hack takes about a minute, although it is unnecessary for the compromise.

Fortinet researcher Axelle Apvrille (@cryptax) told Vulture South that full persistence means it does not matter if the FitBit Flex is restarted; any computer that connects with the wearable can be infected with a backdoor, trojan, or whatever the attacker desires.

Read more: http://www.theregister.co.uk/2015/10/21/fitbit_hack