Withings Body Scan
From Wiki-IoT
Classification
| Withings Body Scan | |
|---|---|
| Classification | |
| Grade | A |
| Calculator version | 1 |
| Classification date | 2025-10-11 |
| Information | |
| Name | Withings Body Scan |
| Brand by Parent | Withings by Withings |
| Generation | 1 |
| Model(s) | Black, White |
| Release date | 2023-03-17 |
| Type/Category | Bathroom Scale |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 327 x 327 x 28 mm |
| Mass | 4 kg |
| Operating system | Proprietary firmware |
| Companion App | Withings Health Mate |
| CPU | |
| GPU | |
| Memory | |
| Storage | |
| Battery | |
| Power | |
| Charging | |
| Display | |
| Camera | |
| Sound | |
| Connectivity | |

| Device | | | |
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | None | [2] | The device is a solid, sealed unit made of tempered glass and is not user-serviceable. No public reports of supply chain tampering. |
| Known vulnerabilities | Rare | [3] | Runs a highly specialized, single-purpose firmware. Withings has a long history of providing timely OTA updates to patch any potential security issues. |
| Prior attacks | None | [4] | No publicly documented, widespread security breaches targeting Withings smart scales or health devices. |
| Updatability | Very common | [5] | Firmware is updated automatically and seamlessly in the background via Wi-Fi, managed by the Withings cloud infrastructure. |
| Category score | 2 | | |

| System | | | |
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Full | [6] | https://www.withings.com/us/en/privacy-policy |
| Communications | Encrypted with up-to-date encryption | [7] | All sensitive health data is encrypted both in transit (between the scale and cloud) and at rest. |
| Storage | Encrypted with up-to-date encryption | [8] | The device stores measurements temporarily if offline. All long-term data is stored and encrypted on Withings' secure, HIPAA-compliant servers. |
| Category score | 1 | | |

| User Authentication | | | |
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [9] | A Withings account is mandatory to use the device and access health data. The device can automatically recognize and assign data to up to 8 different users. |
| Authentication | Secure | [10] | Authentication is handled by the cloud-based Withings account, which is protected by a standard password. |
| Brute-force protection | Exist | [11] | The Withings account system includes standard server-side protections against brute-force login attempts. |
| Event logging | Access event logged | [12] | Access to the Withings cloud account is logged server-side for security and auditing purposes. |
| Passwords | Require change after setup with complexity requirements | [13] | The Withings account creation process requires a password that meets standard complexity rules. |
| Category score | 1 | | |

| Grade | A |
|---|---|