Anatomy of a Vulnerable Fitness Tracking System: Dissecting the Fitbit Cloud, App, and Firmware
- Submitting institution
- University of Edinburgh
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 58801707
- Type
- D - Journal article
- DOI
- 10.1145/3191737
- Title of journal
- Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
- Article number
- 5
- First page
- -
- Volume
- 2
- Issue
- 1
- ISSN
- 2474-9567
- Open access status
- Compliant
- Month of publication
- March
- Year of publication
- 2018
- URL
- -
- Supplementary information
- -
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 4
- Research group(s)
- A - Computer Systems
- Citation count
- -
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- Presents the first in-depth security analysis of the complete Fitbit ecosystem, revealing firmware, app, and protocol weaknesses that led to privacy leaks, malware, and circumvention of the vendor cloud. We give practical recommendations to mitigate the identified vulnerabilities in all IoT platforms similar to Fitbit. Results of this work led to official firmware updates for Fitbit Zip, One, Flex, Alta, Blaze, Charge, and Charge HR (http://help.fitbit.com/articles/en_US/Help_article/1372) and have helped improve the security of Fitbit devices released since 2017 (including Versa and Charge 3). This impacts over 27 million active users, ranging from individuals to enterprise entities, such as health insurers.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -