Overview
Syllabus
Intro
Fitness & Wellness Equipment
Smart Fitness Equipment Features
Information Security Attack Surface
Technology Tradeoffs
Compliance
Cybersecurity for Smart Fitness Devices (EU)
Medical Devices & the Fitness Paradox
Cybersecurity for Smart Fitness Devices (US)
Powered Treadmill Classification (US): Powered Treadmills
Android Controlled Devices
MDM Technologies: A set of technologies used in order to administer
Smart Fitness Device Stack
Our case
Circumventing UI Restrictions #1
Local File Manager Abuse
Installing a custom app for remote shell access
Getting remote shell access
Privilege Escalation
Getting Hardware Control
Examination of the Android IPC and Data Sharing in Hi Kit (Display board)
Controlling the Hardware through Hi Kit
When you Press a Software Button
When you Press a Hardware Button
Fingerprinting the Device Type
Identifying a logged in User
Remotely Controlling Speed and Incline
Known cases of treadmill-related accidents
Can you make it stop?
Disabling Software / Physical buttons
Physical Emergency Button of Low Kit
Messing with the Low Kit
Fitness IoT & Corporate Environments
Red Teamers Hitting the Gym
Summary of Identified Device Vulnerabilities
Attack Scenarios for Gym Environments
Conclusions
Taught by
WEareTROOPERS