research-article

Mind the tracker you wear: a security analysis of wearable health trackers

Authors:

Rohit Goyal,

Nicola Dragoni,

Angelo SpognardiAuthors Info & Claims

SAC '16: Proceedings of the 31st Annual ACM Symposium on Applied Computing

Pages 131 - 136

https://doi.org/10.1145/2851613.2851685

Published: 04 April 2016 Publication History

Get Access

Abstract

Wearable tracking devices have gained widespread usage and popularity because of the valuable services they offer, monitoring human's health parameters and, in general, assisting persons to take a better care of themselves. Nevertheless, the security risks associated with such devices can represent a concern among consumers, because of the sensitive information these devices deal with, like sleeping patterns, eating habits, heart rate and so on. In this paper, we analyse the key security and privacy features of two entry level health trackers from leading vendors (Jawbone and Fitbit), exploring possible attack vectors and vulnerabilities at several system levels. The results of the analysis show how these devices are vulnerable to several attacks (perpetrated with consumer-level devices equipped with just bluetooth and Wi-Fi) that can compromise users' data privacy and security, and eventually call the tracker vendors to raise the stakes against such attacks.

References

[1]

M. B. Barcena, C. Wueest, and H. Lau. How Safe is Your Quantified Self. Symantec Security Response, August 2014.

Google Scholar

[2]

Bluetooth SIG. Security, Bluetooth Smart (Low Energy). https://developer.bluetooth.org/TechnologyOverview/Pages/LE-Security.aspx {Retrieved 17/09/2015}.

Google Scholar

[3]

Bluetooth SIG. The Low Energy Technology Behind Bluetooth Smart. http://www.bluetooth.com/Pages/low-energy-tech-info.aspx {Retrieved 17/09/2015}.

Google Scholar

[4]

E. Clausing, M. Schiefer, and U. L. M. Morgenstern. Internet of Things - Security Evaluation of Nine Fitness Trackers. http://www.symantec.com/connect/blogs/how-safe-your-quantified-self-tracking-monitoring-and-wearable-tech {Posted 30/07/2014}.

Google Scholar

[5]

R. W. Connor Tumbleson. An Assembler/Disassembler for Dex Format. https://github.com/JesusFreke/smali {Retrieved 17/09/2015}.

Google Scholar

[6]

M. Conti, N. Dragoni, and S. Gottardo. MITHYS: Mind The Hand You Shake - Protecting Mobile Figure 7: Security Analysis of Fitness Trackers Devices from SSL Usage Vulnerabilities. In 9th International Workshop on Security and Trust Management (STM'13), Springer LNCS, 2013.

Crossref

Google Scholar

[7]

B. Cyr, W. Horn, D. Miao, and M. Specter. Security Analysis of Wearable Fitness Devices (Fitbit), 2014. https://courses.csail.mit.edu/6.857/2014/files/17-cyrbritt-webbhorn-specter-dmiao-hacking-fitbit.pdf {Retrieved 17/09/2015}.

Google Scholar

[8]

M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. The Most Dangerous Code in the World: Validating SSL Certificates in Non-browser Software. In Proceedings of ACM CCS'12, pages 38--49. ACM, 2012.

Digital Library

Google Scholar

[9]

M. Rahman, B. Carbunar, and M. Banik. Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device. arXiv preprint arXiv:1304.5672, 2013.

Google Scholar

[10]

S. Stein. Best Wearable Tech of 2015. http://www.cnet.com/topics/wearable-tech/best-wearable-tech/{Posted 14/09/2015}.

Google Scholar

[11]

J. Wolff. Get Started with Bluetooth Low Energy. http://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/{Posted 14/04/2014}.

Google Scholar

[12]

W. Zhou and S. Piramuthu. Security/Privacy of Wearable Fitness Tracking IoT Devices. In Proceedings of 9th Iberian Conference on Information Systems and Technologies (CISTI), pages 1--5. IEEE, 2014.

Crossref

Google Scholar

Cited By

View all

Salehzadeh Niksirat KVelykoivanenko LZufferey NCherubini MHuguenin KHumbert M(2024)Wearable Activity Trackers: A Survey on Utility, Privacy, and SecurityACM Computing Surveys10.1145/364509156:7(1-40)Online publication date: 9-Apr-2024
https://dl.acm.org/doi/10.1145/3645091
Saad HZaki JAbdelsalam M(2024)Employing of machine learning and wearable devices in healthcare system: tasks and challengesNeural Computing and Applications10.1007/s00521-024-10197-z36:29(17829-17849)Online publication date: 6-Aug-2024
https://dl.acm.org/doi/10.1007/s00521-024-10197-z
Müller SSchiering I(2023)Chancen und Nutzen assistiver Technologien für Menschen mit kognitiven BeeinträchtigungenSozialer Fortschritt10.3790/sfo.72.11.86972:11(869-887)Online publication date: 1-Nov-2023
https://doi.org/10.3790/sfo.72.11.869
Show More Cited By

Index Terms

Mind the tracker you wear: a security analysis of wearable health trackers

Recommendations

A Look at the Security and Privacy of Fitbit as a Health Activity Tracker
ACMSE '19: Proceedings of the 2019 ACM Southeast Conference

Given the popularity of consumer grade wearable health trackers, there is an increasing need to evaluate their accuracy and security. In this paper, we present the results of a study with 24 participants who used and evaluated a small form factor ...
Privacy and Security Challenges in Internet of Things
ICDCIT 2015: Proceedings of the 11th International Conference on Distributed Computing and Internet Technology - Volume 8956

Internet of Things IoT envisions as a global network, connecting any objects around us, ranging from home appliances, wearable things to military applications. With IoT infrastructure, physical objects such as wearable objects, television, refrigerator, ...
Internet of Things security

The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the IoT ...

Comments

Information & Contributors

Information

Published In

SAC '16: Proceedings of the 31st Annual ACM Symposium on Applied Computing

April 2016

2360 pages

ISBN:9781450337397

DOI:10.1145/2851613

Conference Chair:
Sascha Ossowski
University Rey Juan Carlos, Spain

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 April 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SAC 2016

Sponsor:

SIGAPP

SAC 2016: Symposium on Applied Computing

April 4 - 8, 2016

Pisa, Italy

Acceptance Rates

SAC '16 Paper Acceptance Rate 252 of 1,047 submissions, 24%;

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

59
Total Citations
View Citations
1,272
Total Downloads

Downloads (Last 12 months)39
Downloads (Last 6 weeks)3

Reflects downloads up to 05 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Salehzadeh Niksirat KVelykoivanenko LZufferey NCherubini MHuguenin KHumbert M(2024)Wearable Activity Trackers: A Survey on Utility, Privacy, and SecurityACM Computing Surveys10.1145/364509156:7(1-40)Online publication date: 9-Apr-2024
https://dl.acm.org/doi/10.1145/3645091
Saad HZaki JAbdelsalam M(2024)Employing of machine learning and wearable devices in healthcare system: tasks and challengesNeural Computing and Applications10.1007/s00521-024-10197-z36:29(17829-17849)Online publication date: 6-Aug-2024
https://dl.acm.org/doi/10.1007/s00521-024-10197-z
Müller SSchiering I(2023)Chancen und Nutzen assistiver Technologien für Menschen mit kognitiven BeeinträchtigungenSozialer Fortschritt10.3790/sfo.72.11.86972:11(869-887)Online publication date: 1-Nov-2023
https://doi.org/10.3790/sfo.72.11.869
Theis SStellmacher CPütz SArend MNitsch V(2023)Understanding Fitness Tracker Users’ and Non-Users’ Requirements for Interactive and Transparent Privacy InformationExtended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544549.3585698(1-7)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544549.3585698
Zhang XYu SZhou HHuang PGuo LLi M(2023)Signal Emulation Attack and Defense for Smart Home IoTIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.316970520:3(2040-2057)Online publication date: 1-May-2023
https://dl.acm.org/doi/10.1109/TDSC.2022.3169705
Chakraborty NIqbal SZulkernine M(2023)Risk Assessment in Smart Aging Care Systems: An Elderly-Centered Perspective2023 IEEE International Conference on Digital Health (ICDH)10.1109/ICDH60066.2023.00012(1-12)Online publication date: Jul-2023
https://doi.org/10.1109/ICDH60066.2023.00012
Hernández-Álvarez LBullón Pérez JBatista FQueiruga-Dios A(2022)Security Threats and Cryptographic Protocols for Medical WearablesMathematics10.3390/math1006088610:6(886)Online publication date: 10-Mar-2022
https://doi.org/10.3390/math10060886
De Donno MFafoutis XDragoni N(2022)AntibIoTicJournal of Computer Security10.3233/JCS-21002730:5(689-725)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.3233/JCS-210027
Xin JPhoha VSalekin A(2022)Combating False Data Injection Attacks on Human-Centric Sensing ApplicationsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35345776:2(1-22)Online publication date: 7-Jul-2022
https://dl.acm.org/doi/10.1145/3534577
Shakarami MBenson JSandhu R(2022)Scenario-Driven Device-to-Device Access Control in Smart Home IoT2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)10.1109/TPS-ISA56441.2022.00035(217-228)Online publication date: Dec-2022
https://doi.org/10.1109/TPS-ISA56441.2022.00035
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

A Look at the Security and Privacy of Fitbit as a Health Activity Tracker

Privacy and Security Challenges in Internet of Things

Internet of Things security

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations