Fitbit's Aria internet-connected scale can be hacked
These days more and more items around our homes are connected to the internet. In theory, this sounds like a great idea, and it can be -- providing it is implemented correctly, meaning in a secure way. In practice, however, that isn't always the case. We've seen endless stories of what can go wrong, even Barbie dolls turned bad.
Scales are probably one of the last things you'd expect to be connected. Actually, though, that innovation came several years ago with a scale that tweeted your weight -- a great way of shaming you into continuing that diet and exercise program.
Now Fitbit helps people with their fitness and, to go with that, you can get its Aria connected scale. However, it was recently found that the scale could be hacked. The company soon released a firmware update to sort out the problem.
Google's Tavis Ormandy discovered the flaw and reported it to Fitbit, but didn't reveal to the public what it was. He did, however, tweet: "I found a critical issue in a bathroom scale".
The scale transmits information such as weight, body fat percentage and body mass index back to the company in order to be used in an online fitness profile.
The company did elaborate a bit in a statement to The Register, describing "a security finding related to the Aria Wi-Fi scale and the way it discovered the location of Fitbit’s servers when being set up or syncing. In technical terms, the scale used a static transaction identifier for DNS requests, which could allow an attacker to trick the scale into synchronizing with a non-Fitbit server".
Updates are being pushed out automatically and all users should have them in a few days. In the grand scheme of things this isn't very serious. It isn't sending real personal information, but it serves as another reminder of the problems faced as we head down the road of the Internet of Things.