TY - JOUR
AU1 - Al-Sabaawi, Aiman
AU2 - Al-Dulaimi, Khamael
AU3 - Zhao, Ying
AU4 - Simpson, Leonie
AB - Purpose: The use of wearable devices to monitor aspects of personal health is increasing. The Fitbit is an example of a popular device used for this purpose. It is unknown whether users' privacy (i.e. sensitive data collected from wearable devices) would be leaked via unauthorized access. This investigation therefore addresses the following questions: Are the data transmissions protected against unauthorised access or modification? What data are transmitted between the device and the server? How much data can be collected by unauthorized access? Method: This paper describes an investigation into data access in the Fitbit Blaze and, specifically, whether this is possible without connecting to the Fitbit server. A Man-In-The-Middle (MITM) attack was used in this investigation. Result: In this experiment, the firmware image, transferred when the device connects to the Fitbit server, is first captured and analysed to obtain data. This was done to attempt to identify the encryption method and obtain the unique device MAC address. Secondly, some fitness data, namely, the authentication key, the cryptographic key and the Nonce, were extracted from the Fitbit application. We attempted to connect the Fitbit Blaze device and the Fitbit application directly without connecting via the Fitbit server. We also attempted direct access to the Fitbit Blaze using a charger cable. In addition, Fitbit Java files were extracted from the Fitbit application. Conclusion: Finally, the outcomes of this investigation are compared with investigations into other Fitbit devices in previous research.
TI - Investigating data storage security and retrieval for Fitbit wearable devices
JF - Health and Technology
DO - 10.1007/s12553-024-00885-0
DA - 2024-07-01
UR - https://www.deepdyve.com/lp/springer-journals/investigating-data-storage-security-and-retrieval-for-fitbit-wearable-50vN6T3aVf
SP - 695
EP - 708
VL - 14
IS - 4
DP - DeepDyve
ER -