Advertisement

Cybersecurity Assessment of the Polar Bluetooth Low Energy Heart-Rate Sensor

  • S. SoderiEmail author
Conference paper
First Online:
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 297)

Abstract

Wireless communications among wearable and implantable devices implement the information exchange around the human body. Wireless body area network (WBAN) technology enables non-invasive applications in our daily lives. Wireless connected devices improve the quality of many services, and they make procedures easier. On the other hand, they open up large attack surfaces and introduces potential security vulnerabilities. Bluetooth low energy (BLE) is a low-power protocol widely used in wireless personal area networks (WPANs). This paper analyzes the security vulnerabilities of a BLE heart-rate sensor. By observing the received signal strength indicator (RSSI) variations, it is possible to detect anomalies in the BLE connection. The case-study shows that an attacker can easily intercept and manipulate the data transmitted between the mobile app and the BLE device. With this research, the author would raise awareness about the security of the heart-rate information that we can receive from our wireless body sensors.

Keywords

Bluetooth BLE Security Sensor MitM Heart-rate WBAN Privacy 
This is a preview of subscription content, log in to check access.

References

  1. 1.
  2. 2.
    Apple iPhone SE - Technical Specifications. https://support.apple.com/kb/sp738?locale=en_GB
  3. 3.
  4. 4.
  5. 5.
  6. 6.
  7. 7.
  8. 8.
  9. 9.
  10. 10.
    BlueZ: An Official Linux Bluetooth protocol stack. http://www.bluez.org
  11. 11.
    BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework. https://github.com/DigitalSecurity/BtleJuice
  12. 12.
  13. 13.
    Polar Beat Free Fitness and Training App. https://www.polar.com/en/products/polar_beat
  14. 14.
    SysML Open Source Project - What is SysML? https://sysml.org
  15. 15.
    IEEE Standard for Local and metropolitan area networks - Part 15.6: Wireless Body Area Networks, February 2012. https://doi.org/10.1109/IEEESTD.2012.6161600
  16. 16.
    NIST 800–30. Guide for Conducting Risk Assessments Revision 1 (2012)Google Scholar
  17. 17.
  18. 18.
    Smart body area networks (smartban): system description, January 2018. http://www.etsi.org/deliver/etsi_tr/103300_103399/103394/01.01.01_60/tr_103394v010101p.pdf
  19. 19.
    Cyr, B.S., Horn, W., Miao, D., Specter, M.: Security analysis of wearable fitness devices ( fitbit ) (2014). https://pdfs.semanticscholar.org/f4ab/ebef4e39791f358618294cd8d040d7024399.pdf
  20. 20.
    Das, A.K., Pathak, P.H., Chuah, C.N., Mohapatra, P.: Uncovering privacy leakage in BLE network traffic of wearable fitness trackers. In: Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications, HotMobile 2016, pp. 99–104. ACM, New York (2016). http://doi.acm.org/10.1145/2873587.2873594
  21. 21.
    Filizzola, D., Fraser, S., Samsonau, N.: Security analysis of Bluetooth technology (2018). https://courses.csail.mit.edu/6.857/2018/project/Filizzola-Fraser-Samsonau-Bluetooth.pdf
  22. 22.
    Karani, R., Dhote, S., Khanduri, N., Srinivasan, A., Sawant, R., Gore, G., Joshi, J.: Implementation and design issues for using Bluetooth low energy in passive keyless entry systems. In: 2016 IEEE Annual India Conference (INDICON), pp. 1–6, December 2016.  https://doi.org/10.1109/INDICON.2016.7838978
  23. 23.
    Melamed, T.: An active man-in-the-middle attack on Bluetooth smart devices. Int. J. Saf. Secur. Eng. 8, 200–211 (2018).  https://doi.org/10.2495/SAFE-V8-N2-200-211CrossRefGoogle Scholar
  24. 24.
    Mucchi, L., Jayousi, S., Martinelli, A., Caputo, S., Marcocci, P.: An overview of security threats, solutions and challenges in WBANs for healthcare. In: 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT), pp. 1–6, May 2019.  https://doi.org/10.1109/ISMICT.2019.8743798
  25. 25.
    Partala, J., et al.: Security threats against the transmission chain of a medical health monitoring system. In: 2013 IEEE 15th International Conference on e-Health Networking, Applications Services (Healthcom), pp. 243–248, October 2013. https://doi.org/10.1109/HealthCom.2013.6720675
  26. 26.
    Pycroft, L., Aziz, T.Z.: Security of implantable medical devices with wireless connections: the dangers of cyber-attacks. Expert Rev. Med. Devices 15(6), 403–406 (2018).  https://doi.org/10.1080/17434440.2018.1483235. pMID: 29860880CrossRefGoogle Scholar
  27. 27.
    Scarfone, K.A., Padgette, J.: NIST SP 800–121. Guide to Bluetooth Security (2008)Google Scholar
  28. 28.
    Tosi, J., Taffoni, F., Santacatterina, M., Sannino, R., Formica, D.: Performance evaluation of bluetooth low energy: a systematic review. Sensors 17, 2898 (2017).  https://doi.org/10.3390/s17122898CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  1. 1.FlorenceItaly

Personalised recommendations

Cite paper

Buy options