Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Hitting the Gym - The Anatomy of a Killer Workout

WEareTROOPERS via YouTube

Overview

Explore the intersection of fitness technology and cybersecurity in this 54-minute conference talk. Delve into the anatomy of smart fitness equipment, examining their features, attack surfaces, and compliance considerations in both EU and US contexts. Analyze the unique challenges posed by Android-controlled devices and medical device classifications. Discover how to circumvent UI restrictions, exploit local file managers, and gain remote access to fitness equipment. Investigate privilege escalation techniques and methods for controlling hardware through Hi Kit. Learn about fingerprinting device types, identifying logged-in users, and remotely manipulating speed and incline settings. Examine known treadmill-related accidents and explore the potential for disabling safety features. Consider the implications of fitness IoT in corporate environments and potential attack scenarios. Gain insights into device vulnerabilities and their impact on gym security, equipping yourself with knowledge to address these emerging cybersecurity challenges in the fitness industry.

Syllabus

Intro
Fitness & Wellness Equipment
Smart Fitness Equipment Features
Information Security Attack Surface
Technology Tradeoffs
Compliance
Cybersecurity for Smart Fitness Devices (EU)
Medical Devices & the Fitness Paradox
Cybersecurity for Smart Fitness Devices (US)
Powered Treadmill Classification (US) • Powered Treadmills
Android Controlled Devices
MDM Technologies A set of technologies used in order to achinister
Smart Fitness Device Stack
Our case
Circumventing UI Restrictions #1
Local File Manager Abuse
Installing a custom app for remote shell access
Getting remote shell access
Privilege Escalation
Getting Hardware Control
Examination of the Android IPC and Data Sharing in Hi Kit (Display board)
Controlling the Hardware through Hi Kit
When you Press a Software Button
When you Press a Hardware Button
Fingerprinting the Device Type
Identifying a logged in User
Remotely Controlling Speed and Incline
Known cases of treadmill-related accidents
Can you make it stop?
Disabling Software / Physical buttons
Physical Emergency Button of Low Kit
Messing with the Low Kit
Fitness IoT & Corporate Environments
Red Teamers Hitting the Gym
Summary of Identified Device Vulnerabilities
Attack Scenarios for Gym Environments
Conclusions

Taught by

WEareTROOPERS

Reviews

Start your review of Hitting the Gym - The Anatomy of a Killer Workout

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.