Security Analysis of Bluetooth Low Energy Based Smart Wristbands

Title: Security Analysis of Bluetooth Low Energy Based Smart Wristbands
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Zhang, Q., Liang, Z.
Conference Name: 2017 2nd International Conference on Frontiers of Sensors Technologies (ICFST)
Keywords: Android software application, Batteries, Biomedical monitoring, Bluetooth, bluetooth low energy, brute-force attacks, Denial of Service attacks, Heart rate, Human Behavior, man-in-the-middle attacks, mobile computing, privacy, pubcrawl, replay attacks, resilience, Resiliency, Scalability, security, security of data, smart watch, smart wristband, smart wristbands, Tools, Trade agreements, wearable computers, wearable devices, wearables security

Wearable devices are becoming more popular in our daily life. In particular, smart wristbands, which can be used to monitor health status, track fitness data, or even do medical tests, etc., have been booming in the market recently. For this reason, smart wristbands can obtain a lot of personal data. Hence, users and manufacturers should pay more attention to the security aspects of smart wristbands. However, we have found that some Bluetooth Low Energy based smart wristbands have very weak or even no security protection mechanism; therefore, they are vulnerable to replay attacks, man-in-the-middle attacks, brute-force attacks, Denial of Service (DoS) attacks, etc. We have investigated four different popular smart wristbands and a smart watch. Among them, only the smart watch is protected by some security mechanisms while the other four smart wristbands are not protected. In our experiments, we have also figured out all the message formats of the controlling commands of these smart wristbands and developed an Android software application as a testing tool. Powered by the resolved command formats, this tool can directly control these wristbands, and any other wristbands of these four models, without using the official supporting applications.

Citation Key: zhang_security_2017