Custom Firmware For Cheap Fitness Trackers

The concept of wearable hardware is an enticing one, but it can be difficult to tackle for the first-time maker. While many of us are experienced at designing PCBs and soldering up arcane gadgets, interfacing with the soft and fleshy human form can present unforeseen difficulties. There’s a way around that, of course – leveraging an existing platform where someone else has already done the work. That’s precisely what [Aaron Christophel] has done, by reverse engineering and developing custom firmware for cheap fitness trackers (Google Translate).

The first part of [Aaron]’s work consisted of research and disassembly. After purchasing a wide variety of fitness trackers online, he eventually came across his favored unit, the Tracker I6HRC by IWOWNFIT. This features an NRF52832 microcontroller, as well as an IPS display, some Flash storage, and a vibration motor. Connectivity is handled over Bluetooth Low Energy. [Aaron] particularly rates it for the well-made case that can be disassembled without damage, and the spare USB 2.0 pads on the board which can be used to program the device over the SWD interface.

[Aaron] has developed an Arduino-compatible firmware which is discussed further in a forum post.  Most of the peripherals on board have been explored, and reducing power consumption is a current area of active development.

Firmware hacks are always fun – have you considered giving your TV a custom boot screen? Have a FitBit original instead of the clone? There’s a hack for that too.

[Thanks to Jim for the tip!]

Hacking A Fitness Tracker

When [rbaron] started a new job, he got a goodie bag. The contents included a cheap fitness tracker bracelet that used Bluetooth LE. Since this is Hackaday, you can probably guess what happened next: hacking ensued.

For something cheap enough to give away, [rbaron] claims it cost $10, the device has quite a bit in it. In the very tiny package, there is an OLED display, a battery, a vibration motor, and a Nordic 32-bit ARM with BLE. The FCC ID was key to identifying the device. Opening the case, which was glued down, was pretty difficult, but doable with a hair dryer and a knife.

Continue reading “Hacking A Fitness Tracker”

Opt-Out Fitness Data Sharing Leads To Massive Military Locations Leak

People who exercise with fitness trackers have a digital record of their workouts. They do it for a wide range of reasons, from gathering serious medical data to simply satisfying curiosity. When fitness data includes GPS coordinates, it raises personal privacy concerns. But even with individual data removed, such data was still informative enough to spill the beans on secretive facilities around the world.

Strava is a fitness tracking service that gathers data from several different brands of fitness tracker — think Fitbit. It gives athletes a social media experience built around their fitness data: track progress against personal goals and challenge friends to keep each other fit. As expected of companies with personal data, their privacy policy promised to keep personal data secret. In the same privacy policy, they also reserved the right to use the data shared by users in an “aggregated and de-identified” form, a common practice for social media companies. One such use was to plot the GPS data of all their users in a global heatmap. These visualizations use over 6 trillion data points and can be compiled into a fascinating gallery, but there’s a downside.

This past weekend, [Nathan Ruser] announced on Twitter that Strava’s heatmap also managed to highlight exercise activity by military/intelligence personnel around the world, including some suspected but unannounced facilities. More worryingly, some of the mapped paths imply patrol and supply routes, knowledge security officers would prefer not to be shared with the entire world.

This is an extraordinary blunder which very succinctly illustrates a folly of Internet of Things. Strava’s anonymized data sharing obsfucated individuals, but didn’t manage to do the same for groups of individuals… like the fitness-minded active duty military personnel whose workout habits are clearly defined on these heat maps. The biggest contributor (besides wearing a tracking device in general) to this situation is that the data sharing is enabled by default and must be opted-out:

“You can opt-out of contributing your anonymized public activity data to Strava Metro and the Heatmap by unchecking the box in this section.” —Strava Blog, July 2017

We’ve seen individual fitness trackers hacked and we’ve seen people tracked through controlled domains before, but the global scope of [Nathan]’s discovery puts it in an entirely different class.

[via Washington Post]

Custom Firmware Unlocks Fitness Tracker

[Mikhail] sent us a teaser video for a hack he’d done (embedded below). He takes a Bluetooth LE fitness tracker dongle and reflashes it spit out the raw accelerometer data and trigger events. He then wrote a phone app that receives the data and uses the device as an alarm, an on/off switch, a data-logging device, and more.

bottom_draw

We thought it was cool enough that we asked [Mikhail] for more detail, and he delivered in spades! Inside the device is a Nordic NRF51822, their ARM Cortex + Bluetooth chip, an accelerometer, and a bunch of LEDs. [Mikhail] mapped out the programming headers, erased the old flash, and re-filled it with his own code. He even added over-the-air DFU re-flashing capability so that he wouldn’t have to open up the case again.

Continue reading “Custom Firmware Unlocks Fitness Tracker”

Homemade Activity Monitor

A group of developers have uploaded a tutorial on Instructables showing the steps needed to develop a homemade DIY fitness tracker. The design is the second iteration of an Arduino-based wearable smart watch project of theirs. This time around, they opted to focus more on the monitoring system rather than a visual display. It is called the ‘RetroBand’ and records steps taken and calories burned by the user.

The microcontroller used is an Arduino Pro mini 3.3v. Accelerometer and gyro sensors were integrated to capture the movement of the ‘RetroBand.’ A wireless bluetooth module connects to an Android phone which presents the data through a Play Store app complete with graphs included. An enclosure was 3D printed. Everything is powered by a one cell Lithum-Polymer battery. The code for the project can be found on Github, and additional information with a how-to manual is on their website (which is in Korean, but can easily be translated through the browser).