Abstract:
Smart wearable devices, such as blood pressure monitors, oximeters, and smartwatches, are increasingly used to track health conditions and monitor health-related activities. Such devices often rely on Bluetooth Low Energy (BLE) to send health measurement data to the smartphone, which may then use Wi-Fi to sync the data to the cloud. Several recent works have explored passive attacks on BLE, Wi-Fi, or WAN traffic to infer user activities from packet metadata. In our work, we take a first step towards investigating the effectiveness of active attacks that intercept the Bluetooth connection between the device and phone, enabling the adversary to extract user health data from encrypted Bluetooth packets which cannot be observed by passive attackers. We find that several popular wearable health devices are vulnerable to the attacks. The reason is rooted in the lack of security mechanisms adopted by these devices in their BLE implementations. Our work highlights the risks posed by Bluetooth traffic from wearable health devices and motivates the need to adopt secure Bluetooth practices to better protect user privacy.
Published in: 2024 IEEE Security and Privacy Workshops (SPW)
Date of Conference: 23-23 May 2024
Date Added to IEEE Xplore: 04 July 2024