Withings Smart Body Analyzer
From Wiki-IoT
Classification
| Withings Smart Body Analyzer | |
|---|---|
| Classification | |
| Grade | B |
| Calculator version | 1 |
| Classification date | 2025-10-11 |
| Information | |
| Name | Withings Smart Body Analyzer |
| Brand by Parent | Withings by Withings SA |
| Generation | Body Comp Series |
| Model(s) | WBS07 |
| Release date | 2022-08-04 |
| Type/Category | kitchen scale |
| Website | [1] |
| Status | End of sale |
| More | |
| Dimensions | 330 mm x 330 mm x 25 mm |
| Mass | 1.8 kg |
| Operating system | embedded system |
| Companion App | Withings Health Mate App |
| CPU | Unpublished microcontroller |
| GPU | |
| Memory | Built in, used for temporary storage of measurement data |
| Storage | |
| Battery | 4 AA batteries |
| Power | |
| Charging | battery-powered |
| Display | LED/LCD digital display screen |
| Camera | |
| Sound | |
| Connectivity | Bluetooth Low Energy (BLE) and wifi |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | None | [] | As a household scale, motivation and instances of physical tampering are extremely rare. |
| Known vulnerabilities | None | [] | Historical vulnerabilities were found in data transmission, but no widespread exploits were reported |
| Prior attacks | None | [] | It has been analyzed as a case study in security research. |
| Updatability | Rare | [] | The firmware is not updatable, which is its primary security weakness |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Partial | [] | Data is sent to the Withings cloud via Wi-Fi and can be synced with third-party health apps like Apple Health Kit. |
| Communications | Encrypted with up-to-date encryption | [] | Initially used TLS 1.0/1.1, which are now considered outdated standards. |
| Storage | Encrypted with up-to-date encryption | [] | Data is encrypted when stored on Withings servers. |
| Category score | 2 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [] | Relies on a Withings account, which has basic management features |
| Authentication | Basic | [] | Standard account/password authentication, with later app-level support for biometrics |
| Brute-force protection | Exist | [] | Standard protections should exist on the server side |
| Event logging | Partial logging | [] | Measurement history is viewable in the app, but detailed access logs are not available to the user |
| Passwords | Require change after setup with complexity requirements | [] | Relies on user-defined password strength; no mandatory complexity requirements are enforced by the device itself |
| Category score | 2 | ||
| Grade | B |
|---|
