Assessing pairing and data exchange mechanism security in the wearable internet of things

Kerolos Lotfy, Matthew L. Hale

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations

Abstract

The consumer wearable economy is a rapidly growing sector with an ever increasingly number of use cases mostly focused on the quantified self. Whether used for fitness tracking, mobile health monitoring, or as remote controllers for connected smartphone apps, wearables typically come equipped with a wide variety of different sensors such as accelerometers, pulsometors, and thermometers to capture data such as, respectively, the user's movements, heart-rate, and temperature. Once data is captured it is then typically wirelessly transmitted, using Bluetooth LE (low energy) to an awaiting smartphone. Since the data may be sensitive and/or personally identifiable, it is critical that this exchange and the pairing mechanisms used to set up the connection remain secure and resilient to eavesdropping attacks. This paper empirically evaluates the data exchange mechanisms of a variety of major commercial wearable products to determine if, and how well, the products live up to this security constraint. As part of this effort, the work also investigates the three different types of Bluetooth LE pairing strategies at a packet and protocol level. The results show presumably secure pairing strategies have glaring security vulnerabilities that affect all of the devices examined. In addition to this publication, efforts are underway to report these vulnerabilities to US-CERT.

Original languageEnglish (US)
Title of host publicationProceedings - 2016 IEEE International Conference on Mobile Services, MS 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages25-32
Number of pages8
ISBN (Electronic)9781509026258
DOIs
Publication statusPublished - Dec 16 2016
Event2016 IEEE 5th International Conference on Mobile Services, MS 2016 - San Francisco, United States
Duration: Jun 27 2016Jul 2 2016

Publication series

NameProceedings - 2016 IEEE International Conference on Mobile Services, MS 2016

Other

Other2016 IEEE 5th International Conference on Mobile Services, MS 2016
CountryUnited States
CitySan Francisco
Period6/27/167/2/16

    Fingerprint

Keywords

  • Bluetooth
  • Internet of things
  • Man-in-the-middle attacks
  • Pairing
  • Security
  • Vulernability discovery
  • Wearables

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications

Cite this

Lotfy, K., & Hale, M. L. (2016). Assessing pairing and data exchange mechanism security in the wearable internet of things. In Proceedings - 2016 IEEE International Conference on Mobile Services, MS 2016 (pp. 25-32). [7787031] (Proceedings - 2016 IEEE International Conference on Mobile Services, MS 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/MobServ.2016.15