Abstract
The wearable industry has experienced notable growth over the last decade, especially in fitness or e-health trackers. These trackers bring new functionalities that require collecting a great amount of sensitive information about the user. This has made fitness trackers the target of deliberate attacks, e.g., eavesdropping, unauthorized account access, fake firmware updates, and so on. For this reason, this paper describes a vulnerability study of one of the most popular fitness trackers in 2017, together with the mobile application associated with the tracker. The study results show which vulnerabilities in the communications among agents (i.e., wearable device, mobile application and server) could put users' sensitive information and privacy at risk.
Highlights
The Internet of Things (IoT) paradigm has encouraged the creation of environments with interconnected highly heterogeneous entities and networks
“Basic attributes” are the data given by the user when creating an account and registering his/her device, the information collected by the tracker, and the technical information about the device when it synchronizes with the mobile application
After keeping track of the fitness tracker’s Bluetooth Device Address (BDA), it was found that its value did not change, which implies that it uses a Public BDA
Summary
The Internet of Things (IoT) paradigm has encouraged the creation of environments with interconnected, highly heterogeneous entities and networks. Fitness trackers, designed to be worn all day long by users, track the steps and physical activity of their owners, but they are also able to track their sleep duration and consistency, and many other factors related to users’ health. They are designed to locally gather all the information they can about the user throughout the day. In this study we analyse the potential security vulnerabilities of the communication of one of the most popular fitness trackers in the market with the mobile application, the synchronization with the manufacturer’s servers, and the.