Attacks on Fitness Trackers Revisited: A Case-Study of Unfit Firmware Security
Jakob Rieck

TL;DR
This paper uncovers a firmware verification flaw in Withings fitness trackers, enabling potential compromise of device integrity, which raises security concerns for data authenticity in health and legal contexts.
Contribution
It identifies a novel firmware verification vulnerability in fitness trackers, highlighting a new attack vector previously unexploited in this domain.
Findings
Firmware verification flaw allows device compromise
Hardware similarities suggest broader vulnerability
Implications for data integrity in health and legal use cases
Abstract
Fitness trackers - wearables that continuously record a wearer's step count and related activity data - are quickly gaining in popularity. Apart from being useful for individuals seeking a more healthy lifestyle, their data is also being used in court and by insurance companies to adjust premiums. For these use cases, it is essential to ensure authenticity and integrity of data. Here we demonstrate a flaw in the way firmware for Withings' Activité is verified, allowing an adversary to compromise the tracker itself. This type of attack has so far not been applied to fitness trackers. Vendors have started mitigating previous attacks, which manipulated data by interfering with wireless channels, or by physically moving the tracker to fool sensors. Hardware similarities amongst different trackers suggest findings can be transferred to other trackers as well.
Taxonomy
Topics: User Authentication and Security Systems · Advanced Malware Detection Techniques · Privacy, Security, and Data Protection
