Hitting the Gym: The Anatomy of a Killer Workout
An extensive set of applications for IoT devices has been developed during the last few years including industrial, wearable, smart home and health care devices. The fitness and Wellbeing industry could not fall behind in progress and development regarding the IoT technology. The time when the fitness centers and gyms looked like torture chambers has gone for good. Beyond any doubt, IoT technology gives endless opportunities to bring intelligence in an everyday workout.
However, according to many researchers, most off-the-shelf IoT devices carry ‘frightening’ security flaws, making them easy targets for cyber criminals. When it comes to the industrial and health sector, there are foreseen regulations that one must comply with in order to allow a product to face the markets. Do the same regulations apply when it comes to the fitness and wellness sector? or are there still communities out there that consider this sector as a lap of luxury, where cyber security concerns could be ignored?
In this presentation, we will show how hackers may tamper with popular IoT equipped treadmills to wreak havoc and expose users to potentially fatal injuries, by remotely taking control of the treadmill speed and incline.
The presentation will explain the architecture and attack surface of modern Android-based fitness equipment, highlighting attack paths that a remote attacker may use to control the equipment’s motor. The inherent dangers from their placement in the networks of prominent organizations will also be discussed, along with recommendations for the protection of both users and hosting organizations.