Skip to main content
SpringerLink
Log in

Cybersecurity Assessment of the Polar Bluetooth Low Energy Heart-Rate Sensor

  • Conference paper
  • First Online:
Body Area Networks: Smart IoT and Big Data for Intelligent Health Management (BODYNETS 2019)

Included in the following conference series:

Abstract

Wireless communications among wearable and implantable devices implement the information exchange around the human body. Wireless body area network (WBAN) technology enables non-invasive applications in our daily lives. Wireless connected devices improve the quality of many services, and they make procedures easier. On the other hand, they open up large attack surfaces and introduces potential security vulnerabilities. Bluetooth low energy (BLE) is a low-power protocol widely used in wireless personal area networks (WPANs). This paper analyzes the security vulnerabilities of a BLE heart-rate sensor. By observing the received signal strength indicator (RSSI) variations, it is possible to detect anomalies in the BLE connection. The case-study shows that an attacker can easily intercept and manipulate the data transmitted between the mobile app and the BLE device. With this research, the author would raise awareness about the security of the heart-rate information that we can receive from our wireless body sensors.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Adafruit Bluefruit LE Connect. https://itunes.apple.com/it/app/adafruit-bluefruit-le-connect/id830125974?mt=8

  2. Apple iPhone SE - Technical Specifications. https://support.apple.com/kb/sp738?locale=en_GB

  3. Bluetooth 16 Bit UUIDs For Members. https://www.bluetooth.com/specifications/assigned-numbers/16-bit-uuids-for-members

  4. Bluetooth Core Specifications. https://www.bluetooth.com/specifications/bluetooth-core-specification

  5. Bluetooth GATT Characteristics. https://www.bluetooth.com/specifications/gatt/characteristics/

  6. Bluetooth GATT Services. https://www.bluetooth.com/specifications/gatt/services/

  7. Bluetooth Market Update 2018. https://www.bluetooth.com/markets/market-report

  8. Bluetooth Radio Versions. https://www.bluetooth.com/bluetooth-technology/radio-versions

  9. Bluetooth SIG. https://www.bluetooth.com

  10. BlueZ: An Official Linux Bluetooth protocol stack. http://www.bluez.org

  11. BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework. https://github.com/DigitalSecurity/BtleJuice

  12. Polar. https://www.polar.com/en

  13. Polar Beat Free Fitness and Training App. https://www.polar.com/en/products/polar_beat

  14. SysML Open Source Project - What is SysML? https://sysml.org

  15. IEEE Standard for Local and metropolitan area networks - Part 15.6: Wireless Body Area Networks, February 2012. https://doi.org/10.1109/IEEESTD.2012.6161600

  16. NIST 800–30. Guide for Conducting Risk Assessments Revision 1 (2012)

    Google Scholar 

  17. OWASP Testing Guide v4 (2014). https://www.owasp.org/index.php/OWASP_Testing_Project

  18. Smart body area networks (smartban): system description, January 2018. http://www.etsi.org/deliver/etsi_tr/103300_103399/103394/01.01.01_60/tr_103394v010101p.pdf

  19. Cyr, B.S., Horn, W., Miao, D., Specter, M.: Security analysis of wearable fitness devices ( fitbit ) (2014). https://pdfs.semanticscholar.org/f4ab/ebef4e39791f358618294cd8d040d7024399.pdf

  20. Das, A.K., Pathak, P.H., Chuah, C.N., Mohapatra, P.: Uncovering privacy leakage in BLE network traffic of wearable fitness trackers. In: Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications, HotMobile 2016, pp. 99–104. ACM, New York (2016). http://doi.acm.org/10.1145/2873587.2873594

  21. Filizzola, D., Fraser, S., Samsonau, N.: Security analysis of Bluetooth technology (2018). https://courses.csail.mit.edu/6.857/2018/project/Filizzola-Fraser-Samsonau-Bluetooth.pdf

  22. Karani, R., Dhote, S., Khanduri, N., Srinivasan, A., Sawant, R., Gore, G., Joshi, J.: Implementation and design issues for using Bluetooth low energy in passive keyless entry systems. In: 2016 IEEE Annual India Conference (INDICON), pp. 1–6, December 2016. https://doi.org/10.1109/INDICON.2016.7838978

  23. Melamed, T.: An active man-in-the-middle attack on Bluetooth smart devices. Int. J. Saf. Secur. Eng. 8, 200–211 (2018). https://doi.org/10.2495/SAFE-V8-N2-200-211

    Article  Google Scholar 

  24. Mucchi, L., Jayousi, S., Martinelli, A., Caputo, S., Marcocci, P.: An overview of security threats, solutions and challenges in WBANs for healthcare. In: 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT), pp. 1–6, May 2019. https://doi.org/10.1109/ISMICT.2019.8743798

  25. Partala, J., et al.: Security threats against the transmission chain of a medical health monitoring system. In: 2013 IEEE 15th International Conference on e-Health Networking, Applications Services (Healthcom), pp. 243–248, October 2013. https://doi.org/10.1109/HealthCom.2013.6720675

  26. Pycroft, L., Aziz, T.Z.: Security of implantable medical devices with wireless connections: the dangers of cyber-attacks. Expert Rev. Med. Devices 15(6), 403–406 (2018). https://doi.org/10.1080/17434440.2018.1483235. pMID: 29860880

    Article  Google Scholar 

  27. Scarfone, K.A., Padgette, J.: NIST SP 800–121. Guide to Bluetooth Security (2008)

    Google Scholar 

  28. Tosi, J., Taffoni, F., Santacatterina, M., Sannino, R., Formica, D.: Performance evaluation of bluetooth low energy: a systematic review. Sensors 17, 2898 (2017). https://doi.org/10.3390/s17122898

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Florence, Italy

    S. Soderi

Authors
  1. S. Soderi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to S. Soderi .

Editor information

Editors and Affiliations

  1. Department of Information Engineering, University of Florence, Florence, Italy

    Lorenzo Mucchi

  2. Centre for Wireless Communications, University of Oulu, Oulu, Finland

    Matti Hämäläinen

  3. University of Florence, Florence, Italy

    Sara Jayousi

  4. University of Florence, Florence, Italy

    Simone Morosi

Rights and permissions

Reprints and permissions

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Soderi, S. (2019). Cybersecurity Assessment of the Polar Bluetooth Low Energy Heart-Rate Sensor. In: Mucchi, L., Hämäläinen, M., Jayousi, S., Morosi, S. (eds) Body Area Networks: Smart IoT and Big Data for Intelligent Health Management. BODYNETS 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 297. Springer, Cham. https://doi.org/10.1007/978-3-030-34833-5_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-34833-5_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34832-8

  • Online ISBN: 978-3-030-34833-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation