Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device

Mahmudur Rahman, Bogdan Carbunar, Madhusudan Banik
The fusion of social networks and wearable sensors is becoming increasingly popular, with systems like Fitbit automating the process of reporting and sharing user fitness data. In this paper we show that while compelling, the careless integration of health data into social networks is fraught with privacy and security vulnerabilities. Case in point, by reverse engineering the communication protocol, storage details and operation codes, we identified several vulnerabilities in Fitbit. We have…

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

The first study on external Device Mis-Bonding (DMB) in the context of Bluetooth-enabled Android devices is presented, and the first OS-level protection, called Dabinder, is developed, which automatically generates secure bonding policies between a device and its official app and enforces them when an app attempts to establish Bluetooth connections with a device and unpair the phone from the device.

Anatomy of a Vulnerable Fitness Tracking System

This article analyzes the complete Fitbit ecosystem and reveals how attackers can exploit the Fitbit protocol to extract private information from victims without leaving a trace, and wirelessly flash malware without user consent.

Edinburgh Explorer Anatomy of a Vulnerable Fitness Tracking System: Dissecting the Fitbit Cloud, App, and Firmware

This article analyzes the complete Fitbit ecosystem and reveals how attackers can exploit the Fitbit protocol to extract private information from victims without leaving a trace, and wirelessly flash malware without user consent.

Automated Security Assessment Framework for Wearable BLE-enabled Health Monitoring Devices

A new semi-automated framework is proposed that can be used to identify and discover both known and unknown vulnerabilities in WHMDs, which are vulnerable to a number of attacks, including eavesdropping, data manipulation, and denial of service attacks.

Security Vulnerabilities of Internet of Things: A Case Study of the Smart Plug System

This paper presents a case study of a smart plug system of a known brand, exploiting its communication protocols and successfully launching four attacks: 1) device scanning attack; 2) brute force attack; 3) spoofing attack; 4) firmware attack.

Security Analysis of Wearable Fitness Devices (Fitbit)

It is discovered that MAC addresses on Fitbit devices are never changed, enabling user correlation attacks, and BTLE credentials are also exposed on the network during device pairing over TLS, which might be intercepted by MITM attacks.

Security Analysis of a Medical IoT Device: Data Leakage to an Eavesdropper

This research considers the Masimo MightySat fingertip pulse oximeter and the companion Masimo Professional Health app from a security standpoint, analyzing the Bluetooth Low Energy (BLE) communication from the device to the application and the data leakage between the two.

Threats and Vulnerabilities Affecting Fitness Wearables: Security and Privacy Theoretical Analysis

This study investigates and analyses security vulnerabilities and threats that affect fitness wearables from a security and privacy perspective and employs the Microsoft STRIDE framework and CIA triad to conduct an analysis of the threats and vulnerabilities.

I still See You! Inferring Fitness Data from Encrypted Traffic of Wearables

It is shown that privacy leaks might occur even when the transferred data are fully encrypted, and the representative mobile application utilizes state-of-the-art security mechanisms: certificate pinning, and source.

Health Monitors Under The Magnifying Glass: A Privacy And Security Study

An analysis framework for mHealth solutions, mH-PriSe, is proposed and the adequacy of this framework is validated through a comprehensive analysis of 8 different smart scale solutions which have been released since 2012, allowing for the discovery of weaknesses affecting all solutions in scope.



Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system

The study shows that both passive attacks and active attacks can be successfully launched using public-domain information and widely available off-the-shelf hardware and proposed defenses against such attacks have the potential to mitigate the security risks associated with personal healthcare systems.

The Sybil attack in sensor networks: analysis & defenses

It is demonstrated that the Sybil attack can be exceedingly detrimental to many important functions of the sensor network such as routing, resource allocation, misbehavior detection, etc.

Security Issues on Wireless Body Area Network for Remote Healthcare Monitoring

A case study of security risk analysis of a wireless body area network for remote health monitoring as an after measure for deploying security and privacy features is introduced in this paper. The

Security and privacy for mobile electronic health monitoring and recording systems

The architecture and implementation of the HealthNet mobile electronic health monitoring and data collection system, which consists of a body sensor network embedded in clothing that communicates wirelessly to the wearer's mobile phone, is detailed.

Security specification and implementation for mobile e-health services

  • R. Martí, J. Delgado, X. Perramon
  • Computer Science, Political Science
    IEEE International Conference on e-Technology, e-Commerce and e-Service, 2004. EEE '04. 2004
  • 2004
The description of the mobile e-health service MobiHealth, an application developed under the MobiHealth project, cofunded by the European Commission, is included, focused on the security services added to it.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses

This paper is the first in the community to use general-purpose software radios to analyze and attack previously unknown radio communications protocols, and introduces three new zero-power defenses based on RF power harvesting.

Pervasive Health Care Applications Face Tough Security Challenges

The explosive growth of pervasive computing in medicine has begun to produce many useful applications, systems, and tools, but these need additional integration, security, and standards work, especially to protect confidential medical records data, to realize their full potential.

Challenges in Data Quality Assurance in Pervasive Health Monitoring Systems

A deeper look at potential health-monitoring usage scenarios is taken, and the research challenges required to ensure and assess quality of sensor data in health-monitoring systems are highlighted.

Proximity-based access control for implantable medical devices

It is shown that, although implanted, IMDs can successfully verify the proximity of other devices with high accuracy and the integration of the scheme with existing IMD devices and with their existing security measures is discussed.

The socialbot network: when bots socialize for fame and money

This paper adopts a traditional web-based botnet design and builds a Socialbot Network (SbN): a group of adaptive socialbots that are orchestrated in a command-and-control fashion, and evaluates how vulnerable OSNs are to a large-scale infiltration by socialbots.