{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T12:47:35Z","timestamp":1776084455873,"version":"3.50.1"},"reference-count":50,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2018,3,26]],"date-time":"2018-03-26T00:00:00Z","timestamp":1522022400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Interact. Mob. Wearable Ubiquitous Technol."],"published-print":{"date-parts":[[2018,3,26]]},"abstract":"<jats:p>Fitbit fitness trackers record sensitive personal information, including daily step counts, heart rate profiles, and locations visited. By design, these devices gather and upload activity data to a cloud service, which provides aggregate statistics to mobile app users. The same principles govern numerous other Internet-of-Things (IoT) services that target different applications. As a market leader, Fitbit has developed perhaps the most secure wearables architecture that guards communication with end-to-end encryption. In this article, we analyze the complete Fitbit ecosystem and, despite the brand's continuous efforts to harden its products, we demonstrate a series of vulnerabilities with potentially severe implications to user privacy and device security. We employ a range of techniques, such as protocol analysis, software decompiling, and both static and dynamic embedded code analysis, to reverse engineer previously undocumented communication semantics, the official smartphone app, and the tracker firmware. Through this interplay and in-depth analysis, we reveal how attackers can exploit the Fitbit protocol to extract private information from victims without leaving a trace, and wirelessly flash malware without user consent. We demonstrate that users can tamper with both the app and firmware to selfishly manipulate records or circumvent Fitbit's walled garden business model, making the case for an independent, user-controlled, and more secure ecosystem. Finally, based on the insights gained, we make specific design recommendations that can not only mitigate the identified vulnerabilities, but are also broadly applicable to securing future wearable system architectures.<\/jats:p>","DOI":"10.1145\/3191737","type":"journal-article","created":{"date-parts":[[2018,3,27]],"date-time":"2018-03-27T12:06:45Z","timestamp":1522152405000},"page":"1-24","update-policy":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":54,"title":["Anatomy of a Vulnerable Fitness Tracking System"],"prefix":"10.1145","volume":"2","author":[{"given":"Jiska","family":"Classen","sequence":"first","affiliation":[{"name":"TU Darmstadt, Germany"}]},{"given":"Daniel","family":"Wegemer","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Germany"}]},{"given":"Paul","family":"Patras","sequence":"additional","affiliation":[{"name":"University of Edinburgh, Scotland, UK"}]},{"given":"Tom","family":"Spink","sequence":"additional","affiliation":[{"name":"University of Edinburgh, Scotland, UK"}]},{"given":"Matthias","family":"Hollick","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Germany"}]}],"member":"320","published-online":{"date-parts":[[2018,3,26]]},"reference":[{"key":"e_1_2_2_1_1","volume-title":"November","year":"2017","unstructured":"Statista. Statistics 8 facts on wearable technology, November 2017."},{"key":"e_1_2_2_2_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.pwc.com\/ee\/et\/publications\/pub\/pwc-cis-wearables.pdf","author":"C. The Wearable","year":"2016","unstructured":"PwC. The Wearable Life 2.0. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.pwc.com\/ee\/et\/publications\/pub\/pwc-cis-wearables.pdf, 2016."},{"key":"e_1_2_2_3_1","volume-title":"Financial Times","author":"Twentyman Jessica","year":"2016","unstructured":"Jessica Twentyman. Wearable devices aim to reduce workplace accidents. Financial Times, June 2016."},{"key":"e_1_2_2_4_1","volume-title":"The Guardian","author":"Lartey Jamiles","year":"2017","unstructured":"Jamiles Lartey. Man suspected in wife's murder after her Fitbit data doesn't match his alibi. The Guardian, April 2017."},{"key":"e_1_2_2_5_1","unstructured":"IDC. Worldwide quarterly wearable device tracker August 2017."},{"key":"e_1_2_2_6_1","volume-title":"November","year":"2017","unstructured":"Fitbit. Q3'T7 earning summary, November 2017."},{"key":"e_1_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187836.2187879"},{"key":"e_1_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2016.2548426"},{"key":"e_1_2_2_9_1","volume-title":"AV-TEST Analysis of Fitbit Vulnerabilities. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.av-test.org\/fileadmin\/pdf\/avtest_2016-04_fitbit_vulnerabilities.pdf","author":"Clausing Eric","year":"2016","unstructured":"Eric Clausing, Michael Schiefer, and Maik Morgenstern. AV-TEST Analysis of Fitbit Vulnerabilities. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.av-test.org\/fileadmin\/pdf\/avtest_2016-04_fitbit_vulnerabilities.pdf, 2016."},{"key":"e_1_2_2_10_1","volume-title":"Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security","author":"Hilts A.","year":"2016","unstructured":"A. Hilts, C. Parsons, and J. Knockel. Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security. 2016."},{"key":"e_1_2_2_11_1","volume-title":"Proceedings of the 13th Privacy Enhancing Technologies Symposium (PETS)","author":"Rahman Mahmudur","year":"2013","unstructured":"Mahmudur Rahman, Bogdan Carbunar, and Madhusudan Banik. Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device. In Proceedings of the 13th Privacy Enhancing Technologies Symposium (PETS), Bloomington, Indiana, USA, July 2013."},{"key":"e_1_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2851613.2851685"},{"key":"e_1_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_3"},{"key":"e_1_2_2_14_1","volume-title":"Attacks on Fitness Trackers Revisited: A Case-Study of Unfit Firmware Security. CoRR, abs\/1604.03313","author":"Rieck Jakob","year":"2016","unstructured":"Jakob Rieck. Attacks on Fitness Trackers Revisited: A Case-Study of Unfit Firmware Security. CoRR, abs\/1604.03313, 2016."},{"key":"e_1_2_2_15_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/seemoo-lab\/fitness-app","author":"Fitbit Fitness App Open Source","year":"2018","unstructured":"Open Source Fitbit Fitness App. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/seemoo-lab\/fitness-app, 2018."},{"key":"e_1_2_2_16_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/seemoo-lab\/fitness-firmware","author":"Fitbit Fitness Firmware Modifications Open Source","year":"2018","unstructured":"Open Source Fitbit Fitness Firmware Modifications. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/seemoo-lab\/fitness-firmware, 2018."},{"key":"e_1_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132024"},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3130919"},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCICCT.2015.7475301"},{"key":"e_1_2_2_20_1","volume-title":"All your bulbs are belong to us: Investigating the current state of security in connected lighting systems. CoRR, abs\/1608.03732","author":"Morgner Philipp","year":"2016","unstructured":"Philipp Morgner, Stephan Mattejat, and Zinaida Benenson. All your bulbs are belong to us: Investigating the current state of security in connected lighting systems. CoRR, abs\/1608.03732, 2016."},{"key":"e_1_2_2_21_1","volume-title":"October","author":"Zaikin Roman","year":"2017","unstructured":"Roman Zaikin, Dikla Barda, and Oded Vanunu. HomeHack: How Hackers Could Have Taken Control of LG's IoT Home Appliances. Available at: https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/blog.checkpoint.com\/2017\/10\/26\/homehack-how-hackers-could-have-taken-control-of-lgs-iot-home-appliances\/, October 2017."},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/CHASE.2017.54"},{"key":"e_1_2_2_23_1","unstructured":"What's changed in the latest Fitbit device update? https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/help.fitbit.com\/articles\/en_US\/Help_article\/1372 2018."},{"key":"e_1_2_2_24_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/bitbucket.org\/benallard\/galileo\/","year":"2017","unstructured":"Galileo. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/bitbucket.org\/benallard\/galileo\/, 2017."},{"key":"e_1_2_2_25_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/dev.fitbit.com\/reference\/device-api\/sensors\/","author":"Fitbit Sensors","year":"2017","unstructured":"Fitbit Sensors API. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/dev.fitbit.com\/reference\/device-api\/sensors\/, 2017."},{"key":"e_1_2_2_26_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/pauloborges\/bluez\/blob\/master\/attrib\/gatttool.c","year":"2017","unstructured":"gatttool. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/pauloborges\/bluez\/blob\/master\/attrib\/gatttool.c, 2017."},{"key":"e_1_2_2_27_1","volume-title":"Carlo Meijer, and Joeri de Ruiter. Getting access to your own Fitbit data","author":"Schellevis Maarten","year":"2016","unstructured":"Maarten Schellevis, Bart Jacobs, Carlo Meijer, and Joeri de Ruiter. Getting access to your own Fitbit data. 2016."},{"key":"e_1_2_2_28_1","volume-title":"May","year":"2017","unstructured":"Dany. Fitbit Flex MegaDump and ServerResponse Data Format Description. Available at: https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.freelists.org\/post\/galileo\/Fitbit-Flex-MegaDump-and-ServerResponse-Data-Format-Description, May 2017."},{"key":"e_1_2_2_29_1","volume-title":"closed, binary Android apps. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/ibotpeaches.github.io\/Apktool\/","author":"A","year":"2017","unstructured":"Apktool---A tool for reverse engineering 3rd party, closed, binary Android apps. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/ibotpeaches.github.io\/Apktool\/, 2017."},{"key":"e_1_2_2_30_1","volume-title":"Fitbit Flex MegaDump and ServerResponse Data Format Description. Galileo Mailing List https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.freelists.org\/post\/galileo\/Fitbit-Flex-MegaDump-and-ServerResponse-Data-Format-Description","year":"2017","unstructured":"Dany. Fitbit Flex MegaDump and ServerResponse Data Format Description. Galileo Mailing List https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.freelists.org\/post\/galileo\/Fitbit-Flex-MegaDump-and-ServerResponse-Data-Format-Description, 2017."},{"key":"e_1_2_2_31_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.hex-rays.com\/","author":"Pro Hex-Rays IDA","year":"2017","unstructured":"Hex-Rays IDA Pro. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.hex-rays.com\/, 2017."},{"key":"e_1_2_2_32_1","volume-title":"www.st.com\/resource\/en\/datasheet\/stm32l151cc.pdf","author":"UC","year":"2017","unstructured":"STM32L141UC datasheet. www.st.com\/resource\/en\/datasheet\/stm32l151cc.pdf, 2017."},{"key":"e_1_2_2_33_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.ifixit.com\/Teardown\/Fitbit+Flex+Teardown\/16050","author":"Fitbit Flex","year":"2017","unstructured":"Fitbit Flex teardown from ifixit.com. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.ifixit.com\/Teardown\/Fitbit+Flex+Teardown\/16050, 2017."},{"key":"e_1_2_2_34_1","unstructured":"nRF8001 Bluetooth Chip Product Specification. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/http\/www.nordicsemi.com\/eng\/nordic\/download_resource\/17534\/16\/6078997\/2981."},{"key":"e_1_2_2_35_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/adafruit\/Adafruit_nRF8001\/tree\/master\/utility","author":"Adafruit","year":"2017","unstructured":"Adafruit nRF8001. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/adafruit\/Adafruit_nRF8001\/tree\/master\/utility, 2017."},{"key":"e_1_2_2_36_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/libtom\/libtomcrypt","year":"2018","unstructured":"LibTomCrypt. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/github.com\/libtom\/libtomcrypt, 2018."},{"key":"e_1_2_2_37_1","volume-title":"Maarten committed 3601372: Add a utility to decrypt older dumps. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/bitbucket.org\/benallard\/galileo\/commits\/3601372658e5e6da271300656d4ec503c5c87ddc","author":"Schellevis Maarten","year":"2017","unstructured":"Maarten Schellevis. Maarten committed 3601372: Add a utility to decrypt older dumps. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/bitbucket.org\/benallard\/galileo\/commits\/3601372658e5e6da271300656d4ec503c5c87ddc, 2017."},{"key":"e_1_2_2_38_1","volume-title":"Nexmon: The C-based Firmware Patching Framework. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/nexmon.org","author":"Schulz Matthias","year":"2017","unstructured":"Matthias Schulz, Daniel Wegemer, and Matthias Hollick. Nexmon: The C-based Firmware Patching Framework. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/nexmon.org, 2017."},{"key":"e_1_2_2_39_1","volume-title":"The GNU Project Debugger. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.gnu.org\/software\/gdb\/","author":"GDB","year":"2017","unstructured":"GDB: The GNU Project Debugger. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.gnu.org\/software\/gdb\/, 2017."},{"key":"e_1_2_2_40_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/atollic.com\/truestudio\/","author":"Atollic","year":"2017","unstructured":"Atollic TrueSTUDIO. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/atollic.com\/truestudio\/, 2017."},{"key":"e_1_2_2_41_1","volume-title":"www.st.com\/resource\/en\/reference_manual\/cd00240193.pdf","author":"UC","year":"2017","unstructured":"STM32L141UC reference manual. www.st.com\/resource\/en\/reference_manual\/cd00240193.pdf, 2017."},{"key":"e_1_2_2_42_1","volume-title":"Security Analysis of Wearable Fitness Devices (Fitbit)","author":"Cyr Britt","year":"2014","unstructured":"Britt Cyr, Webb Horn, Daniela Miao, and Michael Specter. Security Analysis of Wearable Fitness Devices (Fitbit). Massachusets Institute of Technology, 2014."},{"key":"e_1_2_2_43_1","volume-title":"AlligatorCon","author":"Reinaldo Hugo","year":"2016","unstructured":"Hugo Reinaldo. Hello Quark! Fitbit firmware reversing (Lessons learned). AlligatorCon, 2016."},{"key":"e_1_2_2_44_1","volume-title":"May","year":"2017","unstructured":"Dany. Fitbit Flex: switching between encrypted and unencrypted mode. Available at: https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.freelists.org\/post\/galileo\/Fitbit-Flex-switching-between-encrypted-and-unencrypted-mode, May 2017."},{"key":"e_1_2_2_45_1","volume-title":"March","author":"Apvrille Axelle","year":"2017","unstructured":"Axelle Apvrille. Research on Fitbit Flex. Available at: https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/http\/www.fortiguard.com\/events\/1869\/research-on-fitbit-flex, March 2017."},{"key":"e_1_2_2_46_1","volume-title":"June","author":"Apvrille Axelle","year":"2015","unstructured":"Axelle Apvrille. Fitness Tracker: Hack In Progress. Available at: https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/hackinparis.com\/data\/slides\/2015\/axelle_aprville_hackinparis.pdf, June 2015."},{"key":"e_1_2_2_47_1","volume-title":"October","year":"2015","unstructured":"Forbes. Fitbit Disputes Claim Fitbit Trackers Can Be Hacked And Infect PCs, October 2015."},{"key":"e_1_2_2_48_1","volume-title":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.fitbit.com\/de\/setup\/ultra","author":"Setup Fitbit Ultra","year":"2017","unstructured":"Fitbit Ultra Setup. https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/www.fitbit.com\/de\/setup\/ultra, 2017."},{"key":"e_1_2_2_49_1","first-page":"1","volume-title":"Proceedings of the 9th Iberian Conference on Information Systems and Technologies (CISTI)","author":"Zhou Wei","year":"2014","unstructured":"Wei Zhou and Selwyn Piramuthu. Security\/privacy of wearable fitness tracking IoT devices. In Proceedings of the 9th Iberian Conference on Information Systems and Technologies (CISTI), pages 1--5, Barcelona, Spain, 2014. IEEE."},{"key":"e_1_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2015.2418774"}],"container-title":["Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/dl.acm.org\/doi\/10.1145\/3191737","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/dl.acm.org\/doi\/pdf\/10.1145\/3191737","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:26:42Z","timestamp":1750213602000},"score":1,"resource":{"primary":{"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/dl.acm.org\/doi\/10.1145\/3191737"}},"subtitle":["Dissecting the Fitbit Cloud, App, and Firmware"],"short-title":[],"issued":{"date-parts":[[2018,3,26]]},"references-count":50,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,3,26]]}},"alternative-id":["10.1145\/3191737"],"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/doi.org\/10.1145\/3191737","relation":{},"ISSN":["2474-9567"],"issn-type":[{"value":"2474-9567","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,3,26]]},"assertion":[{"value":"2017-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-01-01","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-03-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}