Hackers publish tools to customize Fitbit firmware themselves

CCC hackers released tools at the Chaos Computer conference that make it possible to modify the firmware of certain Fitbit devices. For example, it is possible to count steps a hundred times, if you want to be ready quickly.

The tools consist of an Android app and an editor for the firmware based on Nexmon. The purpose of the app is to help users figure out a symmetric encryption key and access the firmware binaries. These can then be adjusted in the editor, after which the app can be used again to flash the Fitbit tracker with the re-encrypted firmware. This method works with the Go and Flex devices as long as they do not have the security patch released in October, versions higher than 5.60 and 7.81 respectively.

The tools are the result of reverse engineering by the developers and the application of other existing research into Fitbit trackers. For example, the makers found out that the devices support a so-called live mode that sends data such as heart rate directly to the accompanying app, without going through the Fitbit servers first. However, this mode is not encrypted, making this data interceptable. Fitbit made a change in the last patch so that the mode can be turned off if desired.

The reason for choosing Fitbit was that it is a fairly large party in the fitness tracker market, as it turned out during the presentation. In addition, flashing your own firmware is a way to take data into your own hands without having to send it to Fitbit first. So if you have a device lying around with an old firmware version, this might be an interesting holiday project.