This is impressive: "An attacker sends an infected packet to a fitness tracker nearby at bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near," Apvrille says.

"[When] the victim wishes to synchronise his or her fitness data with FitBit servers to update their profile ... the fitness tracker responds to the query, but in addition to the standard message, the response is tainted with the infected code.