A hacker created a proof-of-concept for a malicious app that could access Fitbit user data. The developer API would allow an attacker to build a malicious application that access user data, and send it to any server. Fitbit devices are loaded with sensitive personal data, such as PII profile data. A malicious watch face could be used to do everything from identifying and accessing routers, firewalls and other devices, to brute-forcing passwords and reading the company intranet all from inside the app.
Source: https://threatpost.com/fitbit-personal-data-watch-face/160003/

