Abstract
Wireless communications among wearable and implantable devices implement the information exchange around the human body. Wireless body area network (WBAN) technology enables non-invasive applications in our daily lives. Wireless connected devices improve the quality of many services, and they make procedures easier. On the other hand, they open up large attack surfaces and introduces potential security vulnerabilities. Bluetooth low energy (BLE) is a low-power protocol widely used in wireless personal area networks (WPANs). This paper analyzes the security vulnerabilities of a BLE heart-rate sensor. By observing the received signal strength indicator (RSSI) variations, it is possible to detect anomalies in the BLE connection. The case-study shows that an attacker can easily intercept and manipulate the data transmitted between the mobile app and the BLE device. With this research, the author would raise awareness about the security of the heart-rate information that we can receive from our wireless body sensors.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Adafruit Bluefruit LE Connect. https://itunes.apple.com/it/app/adafruit-bluefruit-le-connect/id830125974?mt=8
Apple iPhone SE - Technical Specifications. https://support.apple.com/kb/sp738?locale=en_GB
Bluetooth 16 Bit UUIDs For Members. https://www.bluetooth.com/specifications/assigned-numbers/16-bit-uuids-for-members
Bluetooth Core Specifications. https://www.bluetooth.com/specifications/bluetooth-core-specification
Bluetooth GATT Characteristics. https://www.bluetooth.com/specifications/gatt/characteristics/
Bluetooth GATT Services. https://www.bluetooth.com/specifications/gatt/services/
Bluetooth Market Update 2018. https://www.bluetooth.com/markets/market-report
Bluetooth Radio Versions. https://www.bluetooth.com/bluetooth-technology/radio-versions
Bluetooth SIG. https://www.bluetooth.com
BlueZ: An Official Linux Bluetooth protocol stack. http://www.bluez.org
BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework. https://github.com/DigitalSecurity/BtleJuice
Polar. https://www.polar.com/en
Polar Beat Free Fitness and Training App. https://www.polar.com/en/products/polar_beat
SysML Open Source Project - What is SysML? https://sysml.org
IEEE Standard for Local and metropolitan area networks - Part 15.6: Wireless Body Area Networks, February 2012. https://doi.org/10.1109/IEEESTD.2012.6161600
NIST 800–30. Guide for Conducting Risk Assessments Revision 1 (2012)
OWASP Testing Guide v4 (2014). https://www.owasp.org/index.php/OWASP_Testing_Project
Smart body area networks (smartban): system description, January 2018. http://www.etsi.org/deliver/etsi_tr/103300_103399/103394/01.01.01_60/tr_103394v010101p.pdf
Cyr, B.S., Horn, W., Miao, D., Specter, M.: Security analysis of wearable fitness devices ( fitbit ) (2014). https://pdfs.semanticscholar.org/f4ab/ebef4e39791f358618294cd8d040d7024399.pdf
Das, A.K., Pathak, P.H., Chuah, C.N., Mohapatra, P.: Uncovering privacy leakage in BLE network traffic of wearable fitness trackers. In: Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications, HotMobile 2016, pp. 99–104. ACM, New York (2016). http://doi.acm.org/10.1145/2873587.2873594
Filizzola, D., Fraser, S., Samsonau, N.: Security analysis of Bluetooth technology (2018). https://courses.csail.mit.edu/6.857/2018/project/Filizzola-Fraser-Samsonau-Bluetooth.pdf
Karani, R., Dhote, S., Khanduri, N., Srinivasan, A., Sawant, R., Gore, G., Joshi, J.: Implementation and design issues for using Bluetooth low energy in passive keyless entry systems. In: 2016 IEEE Annual India Conference (INDICON), pp. 1–6, December 2016. https://doi.org/10.1109/INDICON.2016.7838978
Melamed, T.: An active man-in-the-middle attack on Bluetooth smart devices. Int. J. Saf. Secur. Eng. 8, 200–211 (2018). https://doi.org/10.2495/SAFE-V8-N2-200-211
Mucchi, L., Jayousi, S., Martinelli, A., Caputo, S., Marcocci, P.: An overview of security threats, solutions and challenges in WBANs for healthcare. In: 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT), pp. 1–6, May 2019. https://doi.org/10.1109/ISMICT.2019.8743798
Partala, J., et al.: Security threats against the transmission chain of a medical health monitoring system. In: 2013 IEEE 15th International Conference on e-Health Networking, Applications Services (Healthcom), pp. 243–248, October 2013. https://doi.org/10.1109/HealthCom.2013.6720675
Pycroft, L., Aziz, T.Z.: Security of implantable medical devices with wireless connections: the dangers of cyber-attacks. Expert Rev. Med. Devices 15(6), 403–406 (2018). https://doi.org/10.1080/17434440.2018.1483235. pMID: 29860880
Scarfone, K.A., Padgette, J.: NIST SP 800–121. Guide to Bluetooth Security (2008)
Tosi, J., Taffoni, F., Santacatterina, M., Sannino, R., Formica, D.: Performance evaluation of bluetooth low energy: a systematic review. Sensors 17, 2898 (2017). https://doi.org/10.3390/s17122898
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Soderi, S. (2019). Cybersecurity Assessment of the Polar Bluetooth Low Energy Heart-Rate Sensor. In: Mucchi, L., Hämäläinen, M., Jayousi, S., Morosi, S. (eds) Body Area Networks: Smart IoT and Big Data for Intelligent Health Management. BODYNETS 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 297. Springer, Cham. https://doi.org/10.1007/978-3-030-34833-5_20
Download citation
DOI: https://doi.org/10.1007/978-3-030-34833-5_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34832-8
Online ISBN: 978-3-030-34833-5
eBook Packages: Computer ScienceComputer Science (R0)