Owners of Fitbit's Aria internet-connected smart scales are being advised to install a firmware patch following the discovery of critical security flaws.
Tavis Ormandy of Google's Project Zero was credited with finding the vulnerabilities in the Wi-Fi cyber-scales. While Fitbit isn't providing specific details on the nature of the flaws, it says that, in general, "critical" issues are those which "if exploited could allow attacker-supplied code to gain unrestricted access and potentially go undetected by the customer."
Fitbit is right now pushing out the critical patch, and folks are advised to update their Aria scale firmware as soon as possible to prevent attacks. The scales should automatically get the update within the next few days, though their owners can also check for updates through the FitBit dashboard tool.
In addition to weight, the Aria also logs and transmits information on the user's body fat percentage and body mass index (BMI) to Fitbit's cloud. The data is then synched with the user's online FitBit profile. Apparently, the scale hack isn't weighing too heavily on the mind of Ormandy.
In a statement, Fitbit told:
While a scale hack is a relatively lightweight issue, it opens up the long-standing fears over security flaws in the bloating ranks of Internet of Things hardware. With more companies hooking their appliances up to the internet, security researchers are finding tons of new holes in connected devices that allow for everything from the remote control of appliances to the ability to siphon off personal information. The issue has become so heavy that the US government has had to weigh in on the matter and offer its own recommendations.