meet fitbit flex
play

Meet Fitbit Flex Wireless activity wristband Track steps, distance, - PowerPoint PPT Presentation

Dec 20, 2022 •146 likes •583 views

Meet Fitbit Flex Wireless activity wristband Track steps, distance, calories, active minutes Display progress with 5 LEDs No altimeter, no GPS on Flex. Only on Charge or Surge. Hack.lu 2015 - A. Apvrille 2/26 Its also a

  2. Meet Fitbit Flex ◮ Wireless activity wristband ◮ Track steps, distance, calories, active minutes ◮ Display progress with 5 LEDs ◮ No altimeter, no GPS on Flex. Only on Charge or Surge. Hack.lu 2015 - A. Apvrille 2/26

  3. It’s also a “sleep wristband” I slept well, thanks :) Hack.lu 2015 - A. Apvrille 3/26

  4. Opening the tracker Hack.lu 2015 - A. Apvrille 4/26

  5. Opening the tracker Thanks to my husband, Ludovic :) Hack.lu 2015 - A. Apvrille 4/26

  6. Opening the tracker Thanks to my husband, Ludovic :) Hack.lu 2015 - A. Apvrille 4/26

  7. Opening the tracker Thanks to my husband, Ludovic :) Hack.lu 2015 - A. Apvrille 4/26

  8. Opening the tracker Thanks to my husband, Ludovic :) Hack.lu 2015 - A. Apvrille 4/26

  9. Opening the tracker Thanks to my husband, Ludovic :) Hack.lu 2015 - A. Apvrille 4/26

  10. Sleep stage: polysomnography (PSG) Credits: NascarEd Hack.lu 2015 - A. Apvrille 5/26

  11. Tracking activity with an accelerometer Acceleration on (x), (y) and (z) for walking and jogging From Kwapisz, Weiss and Moore, “Activity Recognition using Cell Phone Accelerometers”, SIGKDD 2011 Hack.lu 2015 - A. Apvrille 6/26

  12. Tracking activity with an accelerometer Acceleration on (x), (y) and (z) for sitting and standing From Kwapisz, Weiss and Moore, “Activity Recognition using Cell Phone Accelerometers”, SIGKDD 2011 Hack.lu 2015 - A. Apvrille 6/26

  13. Spying with an accelerometer From Ravi, Dandekar, Mysore and Littman, “Activity Recognition from Accelerometer Data”, IAAI’05 Hack.lu 2015 - A. Apvrille 7/26

  14. Where fitness data goes to “Higi announced [..] the launching of its industry-leading, privacy-protected and secure API” - Source: PR News “AchieveMint previously partnered with the Brooklyn Nets basketball team to encourage users in Brooklyn and 75 miles around it to earn special rewards, such as VIP tickets to the draft or Various reward programs signed merchandise.” - Source: Mashable Other Examples Nest (thermostat) and Beam (toothbrushes) are sharing with Sales forces, insurances, insurances sponsors... Hack.lu 2015 - A. Apvrille 8/26

  15. Alternate usages to your tracker What can you do with your (beloved) fitness tracker without sending anything to Fitbit (or other) servers? Hack.lu 2015 - A. Apvrille 9/26

  16. Four alternate geek usages 1. Impress young kids with magician talent 2. Impress a scientist with a RNG 3. Impress a hacker friend with a screen saver 4. Impress security researchers with a scary attack “This can of green pees? I’m going to turn it into caviar!” Hack.lu 2015 - A. Apvrille 10/26

  17. Geek no.1: Impress (very) young kids with magician talent Proprietary! No technical user/ developer/ contributor documentation Everything has to be reverse engineered Display Code c0 06 00 .. 00 02 ◮ c0 : control packet, for the tracker ◮ 06 : command id - Display Code ◮ 02 : useful length for packet Hack.lu 2015 - A. Apvrille 11/26

  18. Blinking LEDs Endpoint 0x01 Hack.lu 2015 - A. Apvrille 12/26

  19. Blinking LEDs Endpoint 0x01 C0 06 00 ... 02 Hack.lu 2015 - A. Apvrille 12/26

  20. Geek no.2 Impress a scientist with a RNG We always lack sources of entropy, don’t we? Use authentication packets Funny! Flex supports authentication messages, but it’s a passthru if ( !isencrypted || (TrackerAuthUtils.checkMac(...)) { if (!isencrypted) { MySystemLog.log("TrackerAuthCommand", "Tracker is not encrypted, we just assume it\’s authed"); } ... Hack.lu 2015 - A. Apvrille 13/26

  21. Flex authentication Dongle Tracker(s) C0 50 LocalRandom Client Challenge C0 51 TrackerChallenge SeqNum Auth Chal Resp C0 52 ComputedMAC ... Response to Challenge Implement a Flex-based RNG ◮ Send a dummy local random (C0 50) ◮ Wait for tracker’s response: 8-byte challenge ◮ Never send last message (C0 52) Hack.lu 2015 - A. Apvrille 14/26

  22. Is it (really) random??? Description Entropy Chi- Mean Monte- Dieharder square Carlo Pi failed error tests Target 8 10- 127.5 0% 0 90% Victor Hugo 4.6 0.01% 99 27% 2 weak Linux PRNG 8 75% 127 0.57% 0 /dev/urandom AES ciphertext 8 50% 128 0.50% Fitbit tracker 8 75% 127 0.36% 3 weak Radioactive de- 41% 0.06% cay events Hack.lu 2015 - A. Apvrille 15/26

  23. Tracker RNG: conclusion I would not use it for crypto It does not look notably worse than Linux’s standard RNG Hack.lu 2015 - A. Apvrille 16/26

  24. Geek no.3 Impress a hacker friend with a screen saver How to keep your laptop secure from curious eyes? Screen lock ◮ See Matias Katz, “Backdooring X11 with much class and no privilege” ◮ Use the Fitbit USB dongle! ◮ Rely on udev DEMO Hack.lu 2015 - A. Apvrille 17/26

  25. Better: lock with the tracker Discover: MAC Addr, RSSI... Lock the screen when you move away from your laptop How? Discovery responses: 1. the tracker’s ID - this is its Bluetooth MAC address 2. and the Received Signal Strength Indication Hack.lu 2015 - A. Apvrille 18/26

  26. Plotting RSSI Close to dongle Hand around tracker Moved 5m Next door Moved 3m In my pocket Hack.lu 2015 - A. Apvrille 19/26

  27. Trackerlock demo Trackerlock $ python trackerlock.py --delay 1 --movement 15 Getting list of available trackers... 1- TrackerId: 09 73 78 63 f7 f3 AddrType: 1 RSSI: 190 Attr: 02 07 SUUID: 00 fb Select tracker’s num: 1 Tracker has moved away!!! (RSSI=186) Demo Hack.lu 2015 - A. Apvrille 20/26

  28. Geeky no.4: Scare a Security Researcher For Good .. or for Bad Good: Digital Tatoo Hack.lu 2015 - A. Apvrille 21/26

  29. Geeky no.4: Scare a Security Researcher For Good .. or for Bad Good: Digital Tatoo I LOVE YOU ! Tatoo Hack.lu 2015 - A. Apvrille 21/26

  30. Geeky no.4: Scare a Security Researcher For Good .. or for Bad Good: Digital Tatoo XX ... Hack.lu 2015 - A. Apvrille 21/26

  31. Geeky no.4: Scare a Security Researcher For Good .. or for Bad Good: Digital Tatoo ...I LOVE YOU ! Tatoo response Hack.lu 2015 - A. Apvrille 21/26

  32. Danger: What if Tatoo is Malicious Code? Attacker Victim’s laptop Hack.lu 2015 - A. Apvrille 22/26

  33. Danger: What if Tatoo is Malicious Code? INJECTED MALICIOUS CODE Tracker is infected Attacker Victim’s laptop Hack.lu 2015 - A. Apvrille 22/26

  34. Danger: What if Tatoo is Malicious Code? INJECTED MALICIOUS CODE Tracker DISCOVERY is infected Attacker Victim’s laptop Hack.lu 2015 - A. Apvrille 22/26

  35. Danger: What if Tatoo is Malicious Code? INJECTED MALICIOUS CODE Tracker DISCOVERY is infected Attacker E D O C S Victim’s laptop U O I C I L A M Hack.lu 2015 - A. Apvrille 22/26

  36. Danger: What if Tatoo is Malicious Code? INJECTED MALICIOUS CODE Tracker DISCOVERY is infected Attacker E D O C S Victim’s laptop U O I C I L A M Deliver malicious payload: crash, propagate... Hack.lu 2015 - A. Apvrille 22/26

  37. Video Hack.lu 2015 - A. Apvrille 23/26

  38. Digital Tatoo / Infection: Limitations 1. Max 17 bytes. Is that enough? Yes : Crash Pentium Trojan (2004): 4 bytes Hack.lu 2015 - A. Apvrille 24/26

  39. Digital Tatoo / Infection: Limitations 1. Max 17 bytes. Is that enough? Yes : Crash Pentium Trojan (2004): 4 bytes 2. Execute/Deliver code on target: we did not handle this! Hack.lu 2015 - A. Apvrille 24/26

  40. Digital Tatoo / Infection: Limitations 1. Max 17 bytes. Is that enough? Yes : Crash Pentium Trojan (2004): 4 bytes 2. Execute/Deliver code on target: we did not handle this! 3. Fitbit patches Hack.lu 2015 - A. Apvrille 24/26

  41. Interesting links ◮ Galileo - https://bitbucket.org/benallard/galileo ◮ Rahman et al. Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device, CoRR, 2013. ◮ Fitbit Flex Teardown. http://ifixit.org/blog/5042/fitbit-flex-teardown/ ◮ Matias Katz - Backdooring X11 with much class and no privileges, Hack in Paris 2015 ◮ My my Fitbit tools repository on GitHub ◮ My presentation at Hack in Paris 2015 ◮ My own humoristic drawings Pico le croco ◮ Link to satisfaction form: http://bit.ly/1KUkjaB Hack.lu 2015 - A. Apvrille 25/26

  42. Thanks for your attention! Contact info @cryptax or aapvrille (at) fortinet (dot) com http://bit.ly/1KUkjaB Thanks to Ludovic Apvrille, Aur´ elien Francillon and Matias Katz Hack.lu 2015 - A. Apvrille 26/26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BlazeDS by John Mason mason@fusionlink.com Flex Meetup - we meet once a month - all

BlazeDS by John Mason mason@fusionlink.com Flex Meetup - we meet once a month - all

BlazeDS by John Mason mason@fusionlink.com Flex Meetup - we meet once a month - all meetings are held over Adobe Connect sessions - all meetings will be recorded and posted to Charlie Arehart's UGTV - www.carehart.org/ugtv Next

400 views • 18 slides
Fieldworks Language Explorer (FLEx) 2019 Linguistic Institute Colleen Fitzgerald

Fieldworks Language Explorer (FLEx) 2019 Linguistic Institute Colleen Fitzgerald

Fieldworks Language Explorer (FLEx) 2019 Linguistic Institute Colleen Fitzgerald Organization Overview of FLEx functions (and gaps) A sampling of projects created using FLEx. Resources Snapshot of FLEx for lexical and text

1.23k views • 37 slides
Flex RA PG&E Alternative Proposal December 20, 2012 1 12/20/12 Flex RA PG&E

Flex RA PG&E Alternative Proposal December 20, 2012 1 12/20/12 Flex RA PG&E

Flex RA PG&E Alternative Proposal December 20, 2012 1 12/20/12 Flex RA PG&E Alternative Key Summary Retains / Adopts most of CAISO proposal Adding A daily energy limit provision (mwh/day) with 6 hours/day

292 views • 7 slides
The Flex Program: Looking Ahead January 18, 2018 Sarah Young Flex Program Coordinator Federal

The Flex Program: Looking Ahead January 18, 2018 Sarah Young Flex Program Coordinator Federal

The Flex Program: Looking Ahead January 18, 2018 Sarah Young Flex Program Coordinator Federal Office of Rural Health Policy (FORHP) Health Resources and Services Administration (HRSA) Purpose of todays webinar Understand plans for Flex

572 views • 23 slides
2018-2019 TEAM APPAREL Flex Jacket Flex Pant SR: $69.00 SR: $52.00 YTH: $65.50 YTH: $47.50

2018-2019 TEAM APPAREL Flex Jacket Flex Pant SR: $69.00 SR: $52.00 YTH: $65.50 YTH: $47.50

2018-2019 TEAM APPAREL Flex Jacket Flex Pant SR: $69.00 SR: $52.00 YTH: $65.50 YTH: $47.50 *includes embroidered left chest logo *includes embroidered right leg logo Flex jacket and pants also available in navy, red and blue. SR sizes

141 views • 11 slides
What's Happening in the What's Happening in the Apache Flex Project Apache Flex Project Flex

What's Happening in the What's Happening in the Apache Flex Project Apache Flex Project Flex

What's Happening in the What's Happening in the Apache Flex Project Apache Flex Project Flex Code is not just ActionScript Flex Code is not just ActionScript Agenda Brief Introduction to Me Brief Introduction to Flex Overview

370 views • 19 slides
Housekeeping items Dont forget. In order to receive FLEX credit, you must complete the

Housekeeping items Dont forget. In order to receive FLEX credit, you must complete the

Housekeeping items Dont forget. In order to receive FLEX credit, you must complete the following: 1. If you are Faculty and have not yet registered for this workshop, visit your flex contract and register for FLEX #99186 before midnight today

540 views • 22 slides
Introduction to lex (or flex) Some slides borrowed from M Scherger Lex/Flex: A Scanner Generator

Introduction to lex (or flex) Some slides borrowed from M Scherger Lex/Flex: A Scanner Generator

Introduction to lex (or flex) Some slides borrowed from M Scherger Lex/Flex: A Scanner Generator in C Regular Expression Thomsons Construction Nondeterministic Finite Automaton Subset Construction Deterministic Finite

529 views • 42 slides
Your flexible benefits plan February 2015 Agenda Overview of the CT Flex benefits plan

Your flexible benefits plan February 2015 Agenda Overview of the CT Flex benefits plan

CT Flex Your flexible benefits plan February 2015 Agenda Overview of the CT Flex benefits plan How the CT Flex benefits plan works Review of CT Flex Benefits coverage & options Paying for your CT Flex benefits Options for

331 views • 22 slides
CONNECT DigitRadio Flex The DigitRadio Flex is a portable digital DAB+/FM radio with Bluetooth

CONNECT DigitRadio Flex The DigitRadio Flex is a portable digital DAB+/FM radio with Bluetooth

CONNECT DigitRadio Flex The DigitRadio Flex is a portable digital DAB+/FM radio with Bluetooth and USB charging functionality in great design with ideal usability thanks to 220V adapter/holder. DAB+/DR+ digital radio RDS-PLL FM radio

645 views • 42 slides
Welcome to the Resilient Researcher Flex and Adapt webinar In the drop down menu above where you

Welcome to the Resilient Researcher Flex and Adapt webinar In the drop down menu above where you

29/04/2020 Welcome to the Resilient Researcher Flex and Adapt webinar In the drop down menu above where you type into Flex and adapt: Managing priorities in a chat, please select changing environment To: All panellists and attendees

100 views • 7 slides
Flex your Flex your InfoSec InfoSec muscles! muscles! Zuzana Bitterova Zuzana Bitterova

Flex your Flex your InfoSec InfoSec muscles! muscles! Zuzana Bitterova Zuzana Bitterova

Flex your Flex your InfoSec InfoSec muscles! muscles! Zuzana Bitterova Zuzana Bitterova This presentation is about Passion This presentation is NOT about Embracing change how to become an expert in the information security area

975 views • 49 slides
A Validation and Reliability Study of the Fitbit Alta HR Activity Tracker Pilot Study Carolina

A Validation and Reliability Study of the Fitbit Alta HR Activity Tracker Pilot Study Carolina

A Validation and Reliability Study of the Fitbit Alta HR Activity Tracker Pilot Study Carolina Digital Health Research Initiative Gayatri Rathod Biomedical and Health Informatics MPS Candidate University of North Carolina at Chapel Hill 0 0

396 views • 20 slides
Creating the Final Link: Writing Demonstrable Outcomes Kayla Combs, Flex Director Kentucky

Creating the Final Link: Writing Demonstrable Outcomes Kayla Combs, Flex Director Kentucky

Creating the Final Link: Writing Demonstrable Outcomes Kayla Combs, Flex Director Kentucky Office of Rural Health Flex Grant Examples Outcome Measures ORHP Required Measures Flex Grant Examples What Can Help to Keep Track? Sign in

332 views • 9 slides
summary company profile hardware: the FLEX boards ERIKA Enterprise RTOS

summary company profile hardware: the FLEX boards ERIKA Enterprise RTOS

Flex: an open platform for embedded system prototyping WIRTES 07, July 2, 2007 www.es-online.it www.evidence.eu.com summary company profile hardware: the FLEX boards ERIKA Enterprise RTOS Scilab/Scicos automatic code

327 views • 8 slides
US US-23 F 3 Flex x Rout ute Co Cost-Bene nefit Stephanie Palmer, P.E. University Region

US US-23 F 3 Flex x Rout ute Co Cost-Bene nefit Stephanie Palmer, P.E. University Region

US US-23 F 3 Flex x Rout ute Co Cost-Bene nefit Stephanie Palmer, P.E. University Region Traffic Safety & Operations Engineer Michigan Department of Transportation US US-23 F 23 Flex x Rout oute Located North of Ann Arbor

250 views • 12 slides
FLEXBOX la y ou t conten t dynamicall y WHAT IS FLEXBOX? Flexbox is a layout model which aims to

FLEXBOX la y ou t conten t dynamicall y WHAT IS FLEXBOX? Flexbox is a layout model which aims to

CS 498RK SPRING 2019 FLEXBOX la y ou t conten t dynamicall y WHAT IS FLEXBOX? Flexbox is a layout model which aims to make it easier to lay out and align elements dynamically. Main Idea: Containers have the ability to adjust their content

663 views • 17 slides
Bootstrap Shan-Hung Wu CS, NTHU Landing Page HTML/CSS taught so far Bootstrap 4 (alpha

Bootstrap Shan-Hung Wu CS, NTHU Landing Page HTML/CSS taught so far Bootstrap 4 (alpha

Bootstrap Shan-Hung Wu CS, NTHU Landing Page HTML/CSS taught so far Bootstrap 4 (alpha 6) for the responsive grid layout and components Font Awesome for vector icons Balsamiq Mockups for UI mockups Google Forms for user

933 views • 43 slides
flowDensity Automated gating of pre-defined cell populations Cell subset identification

flowDensity Automated gating of pre-defined cell populations Cell subset identification

flowDensity Automated gating of pre-defined cell populations Cell subset identification based on the density distribution of the parent cell population by analyzing the peaks of the density curve 2D sequential gating similar to the

165 views • 13 slides
Welcome! Thank you for joining todays webinar: Creating an Optimized Market for Connected

Welcome! Thank you for joining todays webinar: Creating an Optimized Market for Connected

Welcome! Thank you for joining todays webinar: Creating an Optimized Market for Connected Smart Energy Systems If you have a question please use the question box located on the right side of your screen. Questions for our speaker

728 views • 36 slides
Status of Fukushima Lessons July 31, 2014 David Lochbaum Director, Nuclear Safety Project Union

Status of Fukushima Lessons July 31, 2014 David Lochbaum Director, Nuclear Safety Project Union

Status of Fukushima Lessons July 31, 2014 David Lochbaum Director, Nuclear Safety Project Union of Concerned Scientists www.ucsusa.org Status to date * Good My focus today will be on the mitigating strategies order. Many themes are

297 views • 26 slides
affine flexes, steven gortler joint with bob connelly. and louis theran. given a graph G

affine flexes, steven gortler joint with bob connelly. and louis theran. given a graph G

affine flexes, steven gortler joint with bob connelly. and louis theran. given a graph G with n vertices and m edges. given a framework ( G, p ) in E d with full span. def: the framework admits an affine flex if there is a d-

563 views • 17 slides
State of Oregon Flexible Spending and Commuter Accounts CORRECTIONS!!!! Presented by: Linda

State of Oregon Flexible Spending and Commuter Accounts CORRECTIONS!!!! Presented by: Linda

State of Oregon Flexible Spending and Commuter Accounts CORRECTIONS!!!! Presented by: Linda Freeze What are FSAs? Flexible Spending Accounts Year-to-year account Set aside pretax dollars Pay for current year expected expenses

637 views • 29 slides
An Introduction To Apache Flex Justin Mclean Class Software Email: justin@classsoftware.com

An Introduction To Apache Flex Justin Mclean Class Software Email: justin@classsoftware.com

An Introduction To Apache Flex Justin Mclean Class Software Email: justin@classsoftware.com Twitter: @justinmclean Blog: http://blog.classsoftware.com Who am I? Programming for 25 years Developing and creating web applications for 15

452 views • 31 slides

More recommend