The rapid proliferation of internet-connected health and fitness devices presents significant security challenges, particularly in securing communication between devices and their associated APIs. This research investigates vulnerabilities in smart weighing machines manufactured by a Chinese OEM and a European vendor, revealing flaws that could allow an attacker to associate any device with their own account. Through reverse engineering of the mobile apps, firmware, and hardware, the study uncovers critical security issues, including the ability to manipulate device settings and access health data remotely. Notably, over one million devices may be affected. This talk walks through the process of reconnaissance, hardware analysis, firmware reverse engineering, and exploitation of insecure APIs, offering insights into the broader security challenges faced by IoT devices and providing methods applicable to a wide range of smart devices.

About the Speaker

Eugene Lim hacks for good! From Amazon to Zoom, he has helped secure products and data from a range of vulnerabilities. At Open Government Products, he solves cybersecurity problems with engineering solutions such as infrastructure as code, chaos testing, and GitOps. His work has been featured at top conferences such as Black Hat and DEF CON, and in industry publications like WIRED and The Register. His upcoming book with No Starch Press, “From Day Zero to Zero Day”, dives into the building blocks of vulnerability research.