"Fitbit Spyware Steals Personal Data via Watch Face"

Using the Fitbit application API, Kev Breen, the director of cyber research for Immersive Labs, built a malicious Fitbit application. This app contains spyware that can steal user information such as gender, age, heart rate, and weight, as well as calendar information, which could expose names and locations. Breen also demonstrated the abuse of Fitbit's fetch API to turn the malicious app into a primitive network scanner, posing a  threat to the enterprise as it could identify and access routers, firewalls, and more. The app was made available through the Fitbit Gallery at which various third-party and in-house apps are showcased. This article continues to discuss the development, capabilities, and delivery of the malicious Fitbit app, and Fitbit's response to this research. 

Threatpost reports "Fitbit Spyware Steals Personal Data via Watch Face"