Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device
@article{Rahman2013FitAV, title={Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device}, author={Mahmudur Rahman and Bogdan Carbunar and Madhusudan Banik}, journal={ArXiv}, year={2013}, volume={abs/1304.5672} }
The fusion of social networks and wearable sensors is becoming increasingly popular, with systems like Fitbit automating the process of reporting and sharing user fitness data. In this paper we show that while compelling, the careless integration of health data into social networks is fraught with privacy and security vulnerabilities. Case in point, by reverse engineering the communication protocol, storage details and operation codes, we identified several vulnerabilities in Fitbit. We have…
54 Citations
Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android
- Computer Science | NDSS
- 2014
The first study on external Device Mis-Bonding or DMB under the context of Bluetooth-enabled Android devices is presented, and the first OS-level protection, called Dabinder, is developed, which automatically generates secure bonding policies between a device and its official app and enforces them when an app attempts to establish Bluetooth connections with a device and unpair the phone from the device.
Anatomy of a Vulnerable Fitness Tracking System
- Computer Science | Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.
- 2018
This article analyzes the complete Fitbit ecosystem and reveals how attackers can exploit the Fitbit protocol to extract private information from victims without leaving a trace, and wirelessly flash malware without user consent.
Edinburgh Explorer Anatomy of a Vulnerable Fitness Tracking System: Dissecting the Fitbit Cloud, App, and Firmware
- Computer Science
- 2018
This article analyzes the complete Fitbit ecosystem and reveals how attackers can exploit the Fitbit protocol to extract private information from victims without leaving a trace, and wirelessly flash malware without user consent.
Automated Security Assessment Framework for Wearable BLE-enabled Health Monitoring Devices
- Computer Science | ACM Trans. Internet Techn.
- 2022
A new semi-automated framework is proposed that can be used to identify and discover both known and unknown vulnerabilities in WHMDs, which are vulnerable to a number of attacks, including eavesdropping, data manipulation, and denial of service attacks.
Security Vulnerabilities of Internet of Things: A Case Study of the Smart Plug System
- Computer Science | IEEE Internet of Things Journal
- 2017
This paper presents a case study of a smart plug system of a known brand, exploiting its communication protocols and successfully launching four attacks: 1) device scanning attack; 2) brute force attack; 3) spoofing attack; 4) firmware attack.
Security Analysis of Wearable Fitness Devices (Fitbit)
- Computer Science
- 2014
It is discovered that MAC addresses on Fitbit devices are never changed, enabling user correlation attacks, and BTLE credentials are also exposed on the network during device pairing over TLS, which might be intercepted by MITM attacks.
Security Analysis of a Medical IoT Device: Data Leakage to an Eavesdropper
- Computer Science
- 2020
This research considers the Masimo MightySat fingertip pulse oximeter and the companion Masimo Professional Health app from a security standpoint, analyzing the Bluetooth Low Energy (BLE) communication from the device to the application and the data leakage between the two.
Threats and Vulnerabilities Affecting Fitness Wearables: Security and Privacy Theoretical Analysis
- Computer Science | ISSA
- 2019
This study investigates and analyses security vulnerabilities and threats that affect fitness wearables from a security and privacy perspective and employs the Microsoft STRIDE framework and CIA triad to conduct an analysis of the threats and vulnerabilities.
I still See You! Inferring Fitness Data from Encrypted Traffic of Wearables
- Computer Science | HEALTHINF
- 2021
It is shown that privacy leaks might occur even when the transferred data are fully encrypted, and the representative mobile application utilizes state-of-the-art security mechanisms: certificate pinning, and source.
Health Monitors Under The Magnifying Glass: A Privacy And Security Study
- Computer Science
- 2016
An analysis framework for mHealth solutions, mH-PriSe, is proposed and the adequacy of this framework is validated through a comprehensive analysis of 8 different smart scale solutions which have been released since 2012, allowing for the discovery of weaknesses affecting all solutions in scope.
References
Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system
- Computer Science | 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services
- 2011
The study shows that both passive attacks and active attacks can be successfully launched using public-domain information and widely available off-the-shelf hardware and proposed defenses against such attacks have the potential to mitigate the security risks associated with personal healthcare systems.
The Sybil attack in sensor networks: analysis & defenses
- Computer Science | Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004
- 2004
It is demonstrated that the Sybil attack can be exceedingly detrimental to many important functions of the sensor network such as routing, resource allocation, misbehavior detection, etc.
Security Issues on Wireless Body Area Network for Remote Healthcare Monitoring
- Computer Science | 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing
- 2010
A case study of security risk analysis of a wireless body area network for remote health monitoring as a after measure for deploying security and privacy features is introduced in this paper. The…
Security and privacy for mobile electronic health monitoring and recording systems
- Computer Science | 2010 IEEE International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM)
- 2010
The architecture and implementation of the HealthNet mobile electronic health monitoring and data collection system, which consists of a body sensor network embedded in clothing that communicates wirelessly to the wearer's mobile phone, is detailed.
Security specification and implementation for mobile e-health services
- Computer Science, Political Science | IEEE International Conference on e-Technology, e-Commerce and e-Service, 2004. EEE '04. 2004
- 2004
The description of the mobile e-health service MobiHealth, an application developed under the Mobi health project, cofunded by the European Commission, is included, focused on the security services added to it.
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
- Computer Science | 2008 IEEE Symposium on Security and Privacy (sp 2008)
- 2008
This paper is the first in the community to use general-purpose software radios to analyze and attack previously unknown radio communications protocols, and introduces three new zero-power defenses based on RF power harvesting.
Pervasive Health Care Applications Face Tough Security Challenges
- Computer Science | IEEE Pervasive Comput.
- 2002
The explosive growth of pervasive computing in medicine has begun to produce many useful applications, systems, and tools, but these need additional integration, security, and standards work, especially to protect confidential medical records data, to realize their full potential.
Challenges in Data Quality Assurance in Pervasive Health Monitoring Systems
- Medicine, Computer Science
- 2009
A deeper look at potential health-monitoring usage scenarios is taken and research challenges required to ensure and assess quality of sensor data in health-monitoring systems are highlighted.
Proximity-based access control for implantable medical devices
- Computer Science | CCS
- 2009
It is shown that, although implanted, IMDs can successfully verify the proximity of other devices with high accuracy and the integration of the scheme with existing IMD devices and with their existing security measures is discussed.
The socialbot network: when bots socialize for fame and money
- Computer Science | ACSAC '11
- 2011
This paper adopts a traditional web-based botnet design and builds a Socialbot Network (SbN): a group of adaptive socialbots that are orchestrated in a command-and-control fashion, and evaluates how vulnerable OSNs are to a large-scale infiltration by socialbots.