Jailbreaking the Microsoft Fitness Band (b0n0n.com)
94 points by moyix on July 8, 2016 | hide | past | favorite | 21 comments


While he is able to run a custom binary on the band, there don't seem to be any crypto signatures securing the firmware. So all you have to do is reverse engineer the binary format, change the code, update the CRCs where needed and hijack the update process.

The article is well written and the feat is cool, but the device doesn't seem to be very secure to begin with.
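
The bypass described above, as an added example that is not from the article or the linked repository: a constructed toy image format (magic, length, payload, trailing CRC32) stands in for the Band's real layout, which this example does not reproduce. It shows that a CRC-only loader accepts any edit once the CRC is recomputed, and, for contrast, a hypothetical keyed check (HMAC-SHA256 here, purely as an illustration; the Band has no such scheme) that rejects the same edit. The payload bytes are constructed Thumb encodings used only as filler.

```python
"""Why a CRC does not protect firmware: whoever can edit the image can
recompute the checksum. Toy image layout (constructed for this example,
not the Band's real format):
    header = b"FWIM" + u32 payload_len
    image  = header + payload + u32 crc32(header + payload)
"""
import hashlib
import hmac
import struct
import zlib

MAGIC = b"FWIM"
HEADER_LEN = 8


def build_image(payload: bytes) -> bytes:
    """Assemble a checksummed image the way a CRC-only updater expects it."""
    body = MAGIC + struct.pack("<I", len(payload)) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def crc_check(image: bytes) -> bool:
    """What a CRC-only loader checks: protection against corruption, not tampering."""
    body, (stored,) = image[:-4], struct.unpack("<I", image[-4:])
    return image[:4] == MAGIC and (zlib.crc32(body) & 0xFFFFFFFF) == stored


def patch_image(image: bytes, offset: int, new_bytes: bytes) -> bytes:
    """Attacker step 1: overwrite payload bytes, leaving the old CRC in place."""
    body = bytearray(image[:-4])
    start = HEADER_LEN + offset
    body[start:start + len(new_bytes)] = new_bytes
    return bytes(body) + image[-4:]


def refix_crc(image: bytes) -> bytes:
    """Attacker step 2: recompute the trailing CRC so the loader accepts the edit."""
    body = image[:-4]
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


# Hypothetical keyed alternative (not the Band's scheme): append a MAC over the
# CRC-checked image under a key the attacker does not hold. Constructed key.
VENDOR_KEY = b"constructed-vendor-key-never-shipped-in-updater"
TAG_LEN = 32


def sign_image(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    return image + hmac.new(key, image, hashlib.sha256).digest()


def verify_signed(signed: bytes, key: bytes = VENDOR_KEY) -> bool:
    image, tag = signed[:-TAG_LEN], signed[-TAG_LEN:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected) and crc_check(image)


def demo() -> dict:
    # Constructed payload: 16 Thumb NOPs (00 BF) followed by BX LR (70 47).
    original = build_image(b"\x00\xbf" * 16 + b"\x70\x47")
    # Constructed edit: replace the first NOP with SVC #0 (00 DF).
    tampered = patch_image(original, 0, b"\x00\xdf")
    refixed = refix_crc(tampered)

    # Same edit against the signed image: the attacker can refix the CRC but
    # cannot regenerate the tag, so the loader rejects it.
    signed = sign_image(original)
    inner = signed[:-TAG_LEN]
    forged = refix_crc(patch_image(inner, 0, b"\x00\xdf")) + signed[-TAG_LEN:]

    return {
        "orig_crc_ok": crc_check(original),        # True
        "tampered_crc_ok": crc_check(tampered),    # False: old CRC no longer matches
        "refixed_crc_ok": crc_check(refixed),      # True: the "jail" is a checksum
        "signed_orig_ok": verify_signed(signed),   # True
        "forged_signed_ok": verify_signed(forged), # False: MAC catches the edit
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A symmetric MAC is used only to keep the example self-contained; a real firmware scheme would use a public-key signature so that the device holds nothing that could produce a valid tag, otherwise a key extracted from one device (or the updater) would let anyone sign images.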


It wasn't quite a developer kit, but the Band was expressly "experimental" to begin with, so I'm not surprised! I think their marketing pitch was roughly "we're going to put lots of sensors on you and see what happens".


Why on earth does a fitness band need security? What a waste of time and effort for everyone involved.


It is most certainly not a waste of time! According to a recently published article [1], researchers managed to crack ATM PINs with 80-percent accuracy on the first try using the motion sensors on smartwatches.

[1] http://phys.org/news/2016-07-smartwatch-atm-pin.html


Which is why I largely like randomized touch screen number pads. They may be able to tell where I touched, but not what I touched.

However, Google Glass or Microsoft Holo type applications become a somewhat hilarious and much better way of doing this.


Not sure if you're serious? The fitness band doesn't store your SSH keys, but with a heartbeat sensor, GPS and an accelerometer it allows unprecedented insights into your daily life (your heartbeat accelerated inside the maternity ward? Just imagine the datamining possibilities). We are dealing with extremely private data here, and a consumer device should be protected accordingly.


As long as the firmware update requires physical access to the band and the paired computer, then it is secure.

If this device is insecure just because its owner can install new software onto it, then all laptops and desktops are also insecure.


...and that "insecurity" is a good thing, because it's insecurity that leads to freedom. Nonetheless, there are plenty of groups who want to get rid of that insecurity, which is even scarier.

https://www.gnu.org/philosophy/right-to-read.en.html

http://boingboing.net/2012/01/10/lockdown.html

http://boingboing.net/2012/08/23/civilwar.html

"Perfect security is a good idea only to those for whom freedom is worth nothing."


How are Cory's predictions going? Apple dropped their TPM (without ever even using it), UEFI Secure Boot still allows you to put your own keys even on the most vertically integrated platforms (like the Surface), you can buy plenty of consumer routers that are already running DD-WRT and can be easily flashed with whatever you fancy, Nexus devices still let you unlock the bootloader, and Apple now lets you compile and run apps for your iPhone without a developer's license. Even consumer GPUs are easily programmable now.

In what way have any general purpose computers become less general purpose since the hysteria about the war on general purpose computers started?


It is, and it is not.

The only sane way is personal security and freedom, where your device is sold to you unlocked or trivially unlockable, with the vendor as the default trusted party - sure, and you can arm the security to make the device obey only your commands, but no one else (including the device's original vendor), even if you're tricked (malware-shipping wifi hotspots, fake chargers, etc.) or lose physical contact with the device.


Unfortunately the definition of "protected" all-too-often means "against the user".


I guess it's a matter of taste—I consider anything requiring jailbreaking inherently broken without something to protect. I have no desire to protect my fitness data, but I do have a desire to have access to my own device without problem.

Give me accessible hardware or give me something that will be trash a year from now.


You're not thinking broad enough. It isn't fitness data, it's historical data showing your location (and duration in that location) at all times of day.


I thought this was an awesome article, the OP is obviously deep in the rabbit hole and his code is well written. Top job. Keep on hacking.


I've got two bands (Microsoft shipped me two, charged me twice and refused to take the 2nd back - brutal customer service), I suspect the Band can be looked at as a failed experiment/product.

What I'd like to see is Microsoft open-source or somehow support hacking on these devices so they can see what the small community of users does with them when given full access.


While the title matches the article, it really isn't descriptive of the content of the article (which is all about modifying and flashing the ROM, there's no 'jailbreak' yet).


He achieved full code execution on the device. You can argue that it's not a jailbreak because there wasn't much of a "jail" (checksums, rather than crypto), but I'm not sure what more you would want in terms of capabilities.


I disagree. The github repo he links to in this writeup contains everything necessary to install a custom firmware to the Fitness Band. He even includes the binary itself, which is probably not too smart (it would have been better to write a script to download the binary direct from MS's server). What more do you want? Cydia?


Your comment is in line with my thoughts as well. I've come to accept that HN is slowly becoming a pit of contrarian asswipes honestly.


Please don't make this place even worse by posting unsubstantive dismissals of it. More about this here: https://news.ycombinator.com/item?id=12053739.

We detached this subthread from https://news.ycombinator.com/item?id=12057792 and marked it off-topic.


Well, that's kind and encouraging.



