When [rbaron] started a new job, he got a goodie bag. The contents included a cheap fitness tracker bracelet that used Bluetooth LE. Since this is Hackaday, you can probably guess what happened next: hacking ensued.
For something cheap enough to give away, [rbaron] claims it cost $10, the device has quite a bit in it. In the very tiny package, there is an OLED display, a battery, a vibration motor, and a Nordic 32-bit ARM with BLE. The FCC ID was key to identifying the device. Opening the case, which was glued down, was pretty difficult, but doable with a hair dryer and a knife.
Continue reading “Hacking a Fitness Tracker”
People who exercise with fitness trackers have a digital record of their workouts. They do it for a wide range of reasons, from gathering serious medical data to simply satisfying curiosity. When fitness data includes GPS coordinates, it raises personal privacy concerns. But even with individual data removed, such data was still informative enough to spill the beans on secretive facilities around the world.
This past weekend, [Nathan Ruser] announced on Twitter that Strava’s heatmap also managed to highlight exercise activity by military/intelligence personnel around the world, including some suspected but unannounced facilities. More worryingly, some of the mapped paths imply patrol and supply routes, knowledge security officers would prefer not to be shared with the entire world.
This is an extraordinary blunder which very succinctly illustrates a folly of Internet of Things. Strava’s anonymized data sharing obsfucated individuals, but didn’t manage to do the same for groups of individuals… like the fitness-minded active duty military personnel whose workout habits are clearly defined on these heat maps. The biggest contributor (besides wearing a tracking device in general) to this situation is that the data sharing is enabled by default and must be opted-out:
“You can opt-out of contributing your anonymized public activity data to Strava Metro and the Heatmap by unchecking the box in this section.” —Strava Blog, July 2017
We’ve seen individual fitness trackers hacked and we’ve seen people tracked through controlled domains before, but the global scope of [Nathan]’s discovery puts it in an entirely different class.
[via Washington Post]
[Mikhail] sent us a teaser video for a hack he’d done (embedded below). He takes a Bluetooth LE fitness tracker dongle and reflashes it spit out the raw accelerometer data and trigger events. He then wrote a phone app that receives the data and uses the device as an alarm, an on/off switch, a data-logging device, and more.
We thought it was cool enough that we asked [Mikhail] for more detail, and he delivered in spades! Inside the device is a Nordic NRF51822, their ARM Cortex + Bluetooth chip, an accelerometer, and a bunch of LEDs. [Mikhail] mapped out the programming headers, erased the old flash, and re-filled it with his own code. He even added over-the-air DFU re-flashing capability so that he wouldn’t have to open up the case again.
Continue reading “Custom Firmware Unlocks Fitness Tracker”
A group of developers have uploaded a tutorial on Instructables showing the steps needed to develop a homemade DIY fitness tracker. The design is the second iteration of an Arduino-based wearable smart watch project of theirs. This time around, they opted to focus more on the monitoring system rather than a visual display. It is called the ‘RetroBand’ and records steps taken and calories burned by the user.
The microcontroller used is an Arduino Pro mini 3.3v. Accelerometer and gyro sensors were integrated to capture the movement of the ‘RetroBand.’ A wireless bluetooth module connects to an Android phone which presents the data through a Play Store app complete with graphs included. An enclosure was 3D printed. Everything is powered by a one cell Lithum-Polymer battery. The code for the project can be found on Github, and additional information with a how-to manual is on their website (which is in Korean, but can easily be translated through the browser).