It's 2016 and now your internet-connected bathroom scales can be hacked

Owners of Fitbit's Aria internet-connected smart scales are being advised to install a firmware patch following the discovery of critical security flaws. Tavis Ormandy of Google's Project Zero was credited with finding the vulnerabilities in the Wi-Fi cyber-scales. While Fitbit isn't providing specific details on the nature of …

Silver badge

What if...

With my PC being fully 3' from the router I use an Ethernet connection and my wifi capability remains "off", or it would if "off" was an allowable state; actually I have it set to be functional for as short a time as possible during the wee small hours.

However I know from those occasions when I use the laptop at home (also "wired") that it can see usable signals from neighbour's wifi equipment.

I wonder what fun will arise if I accidentally* bring IoT enabled items into Maison Commswonk and it affiliates with someone else's wifi and sends back all sorts of data about "me" when in fact it will appear to be sending back all sorts of data about "them".

* I certainly won't do it by choice.

2
0
Windows

Re: What if...

This is the real problem with IoT: even if you ban the things (assuming you've bought one of them) from accessing your network, how easy is it for them to phone home via someone else's shitty unprotected setup?

I need a drink, and Hinterland has just started on BBC4.

0
0
Silver badge

Re: What if...

Perhaps there is a solution to be found in subverting the whole process rather than trying to prevent it.

If the detail of the data sent back to IoT central can be determined then sending back manifestly absurd information becomes almost trivial.

How many bits of toast did that house consume this morning? How heavy is that family?

Let the games begin...

4
0
Silver badge

Re: What if...

There will be a law against that in a jiffy!

1
0
Silver badge

"The future's now, but it's all going wrong..." - The The

1
0

More pointless IoT cloudy bollocks, what a world we live in where just about everything is "smart" (an oxymoron if ever I saw it) and connected to the net for the hell of it. Pure gimmickry with a security model worthy of the year 2000.

Call me old fashioned, but I still use a notepad and pen to keep track of things like my weight.

1
0
Silver badge

"Call me old fashioned, but I still use a notepad and pen to keep track of things like my weight."

How does that work exactly? Do you place a carefully measured inkblot on the notepad, stand on it and measure the size of the resulting patch?

Once you realise that a measuring device based on strain gauges is ultimately easier to make and has a longer reliable life than something using calibrated springs and gears, and that the electronics to measure the output of the strain gauges benefits from a microprocessor, you might just as well do something with the spare ROM and RAM.

Storing the data in "the cloud": no, the option to keep it local should be there. But there's nothing wrong with finding a use for a little surplus compute power, and using it to keep track of things seems pretty obvious.

0
0
Anonymous Coward

I had these scales and got hacked...

Is what I told the judge: the Russians or the Chinese or someone hacked my scales, and that immediately changed my weight, so my trousers got too tight, so my button popped when I stood up on a crowded train, so my trousers fell down, and due to an unfortunate series of domestic inefficiencies at home I'd washed no underwear, so for hygiene purposes I was simply, like everyone else does I imagine, wearing clingfilm only under my trousers, but three passengers screamed, two took a photo, one reported me and here I am now, awaiting sentencing. I spoke to a Fitbit representative who said: "This has got nothing to do with us."

3
0
Stop

The Thing about the Internet Of Things

Is... did they actually ask whether anyone wanted it?

1
0
Gold badge
WTF?

Wrong stress in article.

Embarrassingly simple vuln in IoT device is on a par news-wise with the sun coming up, bears crapping in woods and such.

The fact that the object in question can be updated and a patch has been issued? That one's way into "well, fuck me backwards" levels of surprise.

1
0
Trollface

Entirely too much fun

Who would want to hack a bathroom scale? Well…

Let's say that some obnoxious show-off bloke brags to you about his expensive IoT bathroom scale. So you hack into it, causing it to increment his actual weight by 1-2 pounds every 3-4 days. After a couple of weeks or so, he would become concerned about his “weight gain” and cut back on his food consumption – and it wouldn't do any good!

Then you reverse the hack, decrementing his weight. At first he would be gratified that his diet was finally starting to work. However, when you reach the point that the scale gives an accurate weight display, you continue decrementing, taking him 15-20 pounds “underweight,” and increasing his food intake wouldn't do any good!

It would never occur to the bloke that his expensive, state-of-the-art toy was malfunctioning.

(They're really not supposed to allow Internet access from this ward.)

0
0
Silver badge
Coat

I was wondering....

...is it a thin client issue or a fat client issue?

1
0

As Jobs would say

Not that big of a deal.

It's a theoretical hole which would have allowed an attacker who was already on your wifi to convince your scales that he was the Fitbit server, so he'll find out what you weigh. There's nothing here which says that he'll be able to do anything bad to the scales. Firmware updates are signed (I hope); if they aren't, that would be more of a story, but there's no suggestion of that.

Also, they've fixed it before anyone has used it. Great. This is surely a story of IoT done right.

0
0
Silver badge

What, why? How about the planet?

We have taken perfectly good and accurate bathroom scales that work from a proven mechanical design, and made it electrical?

Sorry but if we are all supposed to be conserving energy, can anyone tell me what reason making these things electronic and able to talk to the net is a good idea? What's your electrical footprint if I decide to completely connect all the things that never needed it before up?

How about the materials used to make it electronic, pretty sure they are less environmentally friendly than the average mechanical scale materials.

I can't see any significant advantage in this, not even sure why you would want to have your scales connected, what they gonna do talk to your fridge and tell it not to unlock except at meal times?

Seems to me it's a fail on many levels, security, environmental, design, point.

0
0
