Am I the only one thinking it's a good job we don't have ipv6 yet?
It's 2016 and now your internet-connected bathroom scales can be hacked
Owners of Fitbit's Aria internet-connected smart scales are being advised to install a firmware patch following the discovery of critical security flaws. Tavis Ormandy of Google's Project Zero was credited with finding the vulnerabilities in the Wi-Fi cyber-scales. While Fitbit isn't providing specific details on the nature of …
COMMENTS
-
Friday 29th April 2016 20:21 GMT Hans 1
I was in a shop for some scales, the cheapest I could find (no, I do not really need precision) were Bluetooth-enabled scales .... they work without, but you can hook-up your mobe to send your data to a cloud ...
We do not really care about BMI or whatever, we just wanted scales to weigh the kids ... needless to say, Bluetooth has been turned off on the device ... there is no option, I disconnected the antenna.
Why people share information like this with commercial companies is beyond me ... the porkies will get contacted by weight watchers or slimfast in no time, for the "one month free special deal" ...
My BMI is below 20 and I do not really care, it has been like that for over two decades and I am as fit as a fiddle.
Never, EVER, put your WIFI password into these devices. Hello, anybody in?
-
Friday 29th April 2016 20:40 GMT Andy Non
I made the mistake of buying some overly-fangled Tefal scales a while back, they were all that were left in the shop. They were annoying as hell. All I wanted to know was my weight, but you had to step on them then off and back on again to turn them on; then if I had just got on them after my wife they dutifully informed me the difference in our weights and displayed a graph of the changes in "my" weight. To make matters worse the batteries only lasted a month or so. Ended up throwing them away after only a few months and buying some cheap spring based scales. At least they did what scales are supposed to do. The more technology they put in these things, often the worse and more unusable they become.
-
Friday 29th April 2016 21:18 GMT a_yank_lurker
@Hans 1 - It looks like a Wally World run or check Amazon. Given the Wally World clientele is generally not interested in IoT and Amazon seems to carry about everything one might find a basic scale with no connectivity.
I HATE IoT, imbecilic marketing featuritis that has almost no real benefit except to fleece one of their hard-earned money
-
Tuesday 3rd May 2016 22:12 GMT razorfishsl
Yes... dummy, Imagine a hacker attacks your refrigerator,
Then uses it as a remote system with updated firmware to attack the other devices in your hovel.
Maybe your banking browser or router, then leverages your systems from inside your "fire walled" router, maybe goes on to attack some government systems or banking infrastructure from your IP address... and for a laugh downloads some kiddie porn onto your systems.
What's that dummy, no AV software for your appliances...?
I have some very interesting work going regarding TV boxes, and before that USB sticks
but then again ... so do the Chinese.....
-
Friday 29th April 2016 21:15 GMT Rol
The Force, with you, it is. marketing force, that is.
"Hey Dave, how's things? I'm off to the jobcentre and thought I'd pop in on the way for a coffee"
"DID SOMEONE MENTION COFFEE?"
"What's that?"
"Oh, it's my new coffee maker, it was the cheapest I could get, but it seems part of the price is it will shout advertising crap at me while making the coffee"
"DO YOU NEED A BREAK, I HAVE MILLIONS OF GETAWAY DEALS, ALL AT AFFORDABLE PRICES"
"Wow, both amazing and annoying"
"Mmm"
"Tastes ok though, just gonna use your loo.....Hey a new toilet as well"
"BUY RAPIDO BLEACH, KILLS EVERYTHING RAPID LIKE"
"You've got to be joking, another cheapest you could find?"
"Yes, I think I've learnt my lesson"
"Any other remarkably cheap, yet annoying new things?"
"Well, I got this Chrome Book laptop thingy, but it seems fine..............
-
Saturday 30th April 2016 17:27 GMT Anonymous Coward
Re: What's the worst that could happen?
What's the worst that could happen?
That is the most dangerous phrase in the English language. I'd guess it was probably what the inventors of the atomic bomb said before the first test, when they thought they'd just get a modestly big bang and a crater 100 feet across.
-
Sunday 1st May 2016 21:16 GMT Anonymous Coward
Re: What's the worst that could happen?
"Well, for the H bomb that was some fear that it could ignite the atmosphere. They did some calculations, then proceeded anyway. That took BALLS!"
I would say it took insane, sociopathic shortsightedness - and the Castle Bravo detonation proved that to be the case. The story of H-bomb development is one of people who shouldn't have been allowed to play with a box of matches in a sprinkler factory.
-
Friday 29th April 2016 21:32 GMT redpawn
Toothbrush next
This is a great idea. Insurers will love having more data. Your toothbrush could send brushing time and dietary info to the scale to be forwarded to your insurance company. Remember to check regularly for security updates for all your door knobs, scales, light bulbs, paperweights etc. You wouldn't want to miss out on all the great new features.
-
Saturday 30th April 2016 08:23 GMT billse10
Re: Toothbrush next
"Insurers will love having more data" - but there's one thing they'll love far, far more.
"Remember to check regularly for security updates for all your door knobs" ... wait, you didn't have the latest security patch installed on your door knobs when they broke in? Oh, but as that's a breach of your insurance policy, we won't be able to pay out. The policy clearly states you are required to install the very latest update within five minutes of release, regardless of what the patch is or does - look, it's here, in the footnote on page 94 - so it's actually your fault we can't pay you.
-
Friday 29th April 2016 21:46 GMT Mark 85
The Race to the Stupid Level is on....
Dare I ask.... could there possibly be anything more stupid than an internet connected scale.. besides a light bulb, that is? Ok.. add coffee pot, refrigerator, power drill, kitchen mixer, and the toilet (loo). Now can there be anything more useless than these that we can connect?
I guess if I were a miscreant, I'd want these things in everyone else's home and office, though.
-
Saturday 30th April 2016 06:59 GMT Steve Davies 3
IoT - Idiots or Twats. You choose
IOT is also a solution waiting for a question
Why?
Why?
why?
would anyone connect a [insert IoT device type/name here] to the internet?
What benefit to humanity is it?
I do know that I will never connect any domestic appliance to the Internet.
Nowt more to be said really
-
Saturday 30th April 2016 09:53 GMT Steve Davies 3
Re: IoT - Idiots or Twats. You choose
The Ad-slingers will be more interested in your data than the Government.
Suddenly your TV shows an Ad for nappies. A few seconds before your granddaughter told you that she was expecting (then in a quiet voice,) a present for her other half to be delivered to your home.
She's not pregnant but the dumb IoT thing interpreted it all wrong.
Who do you sue when because of some ad slinging mistake a marriage/relationship ends?
Come on now all those in favour of this crap please tell us this?
Crap, pure and simple IMHO.
GTFO of my lawn.
-
Saturday 30th April 2016 10:38 GMT VinceH
Re: IoT - Idiots or Twats. You choose
I'm starting to realise that lots of people seem to have cheap rubbish routers that can't cope with many connected devices.
With luck, it'll be people in that situation that will be first in line for idIOT / iOUT crap, and will think the devices are faulty when it's really their router that isn't coping - and the result is that word of mouth then kills this rubbish before it gets a chance to take off.
-
Saturday 30th April 2016 14:47 GMT Tom 7
I have just realised I now love the IOT despite its pointlessness.
I just remembered a Bob Monkhouse story of when he was in lodgings during fuel rationing and one of his fellow lodgers had a 2CV and kept going on about how fuel efficient it was (in those days it was very efficient) and for a couple of months Monkhouse crept out at night and poured some of his petrol ration into the guy's car until his expounding of its fuel efficiency reached epic levels at which point he reversed the procedure.
I think I am going to enjoy this broken branch of technological evolution.
-
Saturday 30th April 2016 17:35 GMT Anonymous Coward
Re: I have just realised I now love the IOT despite its pointlessness.
this broken branch of technological evolution
If only it were, mate! The Internet of tat is going to be shoved down our throats with a rough and shitty stick. Sooner or later most domestic routers will be configured to allow IoT devices unauthenticated access (in the name of "ease of use"), and everything we buy will be "cloud enabled".
For the technically literate there will be solutions to this dystopian future, but for the masses.....
-
Saturday 30th April 2016 19:57 GMT Commswonk
What if...
With my PC being fully 3' from the router I use an Ethernet connection and my wifi capability remains "off", or it would if "off" was an allowable state; actually I have it set to be functional for as short a time as possible during the wee small hours.
However I know from those occasions when I use the laptop at home (also "wired") that it can see usable signals from neighbour's wifi equipment.
I wonder what fun will arise if I accidentally* bring IoT enabled items into Maison Commswonk and it affiliates with someone else's wifi and sends back all sorts of data about "me" when in fact it will appear to be sending back all sorts of data about "them".
* I certainly won't do it by choice.
-
Saturday 30th April 2016 20:32 GMT Commswonk
Re: What if...
Perhaps there is a solution to be found in subverting the whole process rather than trying to prevent it.
If the detail of the data sent back to IoT central can be determined then sending back manifestly absurd information becomes almost trivial.
How many bits of toast did that house consume this morning? How heavy is that family?
Let the games begin...
-
Sunday 1st May 2016 20:13 GMT Electric Panda
More pointless IoT cloudy bollocks, what a world we live in where just about everything is "smart" (an oxymoron if ever I saw it) and connected to the net for the hell of it. Pure gimmickry with a security model worthy of the year 2000.
Call me old fashioned, but I still use a notepad and pen to keep track of things like my weight.
-
Sunday 1st May 2016 21:23 GMT Anonymous Coward
"Call me old fashioned, but I still use a notepad and pen to keep track of things like my weight."
How does that work exactly? Do you place a carefully measured inkblot on the notepad, stand on it and measure the size of the resulting patch?
Once you realise that a measuring device based on strain gauges is ultimately easier to make and has a longer reliable life than something using calibrated springs and gears, and that the electronics to measure the output of the strain gauges benefits from a microprocessor, you might just as well do something with the spare ROM and RAM.
Storing the data in "the cloud" no, the option to keep it local should be there. But there's nothing wrong with finding a use for a little surplus compute power, and using it to keep track of things seems pretty obvious.
-
Sunday 1st May 2016 23:17 GMT Anonymous Coward
I had these scales and got hacked...
Is what I told the judge: the Russians or the Chinese or someone hacked my scales, and that immediately changed my weight, so my trousers got too tight, so my button popped when I stood up on a crowded train, so my trousers fell down, and due to an unfortunate series of domestic inefficiencies at home I'd washed no underwear, so for hygiene purposes I was simply, like everyone else does I imagine, wearing clingfilm only under my trousers, but three passengers screamed, two took a photo, one reported me and here I am now, awaiting sentencing. I spoke to a Fitbit representative who said: "This has got nothing to do with us."
-
Monday 2nd May 2016 09:26 GMT TeeCee
Wrong stress in article.
Embarrassingly simple vuln in IoT device is on a par news-wise with the sun coming up, bears crapping in woods and such.
The fact that the object in question can be updated and a patch has been issued? That one's way into "well, fuck me backwards" levels of surprise.
-
Monday 2nd May 2016 11:59 GMT Martin Maloney
Entirely too much fun
Who would want to hack a bathroom scale? Well…
Let's say that some obnoxious show-off bloke brags to you about his expensive IoT bathroom scale. So you hack into it, causing it to increment his actual weight by 1-2 pounds every 3-4 days. After a couple of weeks or so, he would become concerned about his “weight gain” and cut back on his food consumption – and it wouldn't do any good!
Then you reverse the hack, decrementing his weight. At first he would be gratified that his diet was finally starting to work. However, when you reach the point that the scale gives an accurate weight display, you continue decrementing, taking him 15-20 pounds “underweight,” and increasing his food intake wouldn't do any good!
It would never occur to the bloke that his expensive, state-of-the-art toy was malfunctioning.
(They're really not supposed to allow Internet access from this ward.)
-
Tuesday 3rd May 2016 10:06 GMT Seajay#
As Jobs would say
Not that big of a deal.
It's a theoretical hole which would have allowed an attacker who was already on your wifi to convince your scales that he was the fitbit server, so he'll find out what you weigh. There's nothing here which says that he'll be able to do anything bad to the scales. Firmware updates are signed (I hope) if they aren't that would be more of a story but there's no suggestion of that.
Also, they've fixed it before anyone has used it. Great. This is surely a story of IoT done right.
-
Tuesday 3rd May 2016 11:17 GMT Triggerfish
What, why? How about the planet?
We have taken perfectly good and accurate bathroom scales that work from a proven mechanical design, and made it electrical?
Sorry but if we are all supposed to be conserving energy, can anyone tell me what reason making these things electronic and able to talk to the net is a good idea? What's your electrical footprint if I decide to completely connect all the things that never needed it before up?
How about the materials used to make it electronic, pretty sure they are less environmentally friendly than the average mechanical scale materials.
I can't see any significant advantage in this, not even sure why you would want to have your scales connected, what they gonna do talk to your fridge and tell it not to unlock except at meal times?
Seems to me it's a fail on many levels, security, environmental, design, point.