
Researcher weighs in with heavy-duty IoT vulnerability in Fitbit scales

Vulnerabilities in Internet of Things (IoT) devices are a growing threat, but this one really tips the scales.

Wearable fitness tracker manufacturer Fitbit has acknowledged on its website that an April 2016 update to its Aria Wi-Fi Smart Scale, an Internet-connected bathroom scale, patched a critical security vulnerability that was discovered through Google's Project Zero initiative.

Project Zero researcher Tavis Ormandy confirmed this announcement with his own post on Twitter, writing “Hahahah, I found a critical security issue in a bathroom scale.”

Ormandy didn't elaborate on the nature of the flaw, but The Register obtained a statement from Fitbit that said the scale “used a static transaction identifier for DNS requests, which could allow an attacker to trick the scale into synchronizing with a non-Fitbit server.” Fitbit said it is not aware of any security incidents related to the flaw.

“All users with an Aria Wi-Fi scale that is paired to an account, has recently synced to Fitbit, and has healthy batteries will automatically receive the firmware update,” the statement continued.
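A defender-side check for the class of flaw Fitbit's statement describes, added here as an example (it is not code from Fitbit, Project Zero or the article): it parses captured DNS queries and flags clients that reuse a single transaction ID. The function names, the `min_queries` threshold, and the sample addresses and hostname are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def build_query(txid, name):
    """Build a minimal DNS A query; used only to construct the sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_query(packet):
    """Return (txid, qname) for a well-formed DNS query, else None."""
    if len(packet) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set: a response, not a query
        return None
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            return None  # malformed or compressed name in the question
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos >= len(packet):
        return None  # name ran off the end without a terminator
    return txid, ".".join(labels)

def flag_static_txid(observations, min_queries=5):
    """Map each client to its transaction ID when every query reused that one ID."""
    seen = defaultdict(list)
    for client, packet in observations:
        parsed = parse_query(packet)
        if parsed is not None:
            seen[client].append(parsed[0])
    return {client: ids[0] for client, ids in seen.items()
            if len(ids) >= min_queries and len(set(ids)) == 1}

# Constructed capture: one client with a fixed ID, one with varying IDs, one truncated packet.
SAMPLE = (
    [("192.0.2.10", build_query(0x1234, "sync.example")) for _ in range(6)]
    + [("192.0.2.20", build_query(txid, "sync.example"))
       for txid in (0x9A11, 0x03F2, 0xC7D0, 0x5E48, 0x21B9, 0xF006)]
    + [("192.0.2.30", b"\x12\x34\x01")]
)

if __name__ == "__main__":
    for client, txid in flag_static_txid(SAMPLE).items():
        print(f"{client}: all queries used transaction ID {txid:#06x}")
```

A DNS client accepts a response only if it carries the transaction ID of the outstanding query, so an ID that never changes removes one of the values a forged response would otherwise have to guess.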

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
