Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device


Description

The fusion of social networks and wearable sensors is becoming increasingly popular, with systems like Fitbit automating the process of reporting and sharing user fitness data. In this paper we show that, while compelling, the careless integration of health data into social networks is fraught with privacy and security vulnerabilities. Case in point: by reverse engineering the communication protocol, storage details and operation codes, we identified several vulnerabilities in Fitbit. We have built FitBite, a suite of tools that exploit these vulnerabilities to launch a wide range of attacks against Fitbit. Besides eavesdropping, injection and denial of service, several attacks can lead to rewards and financial gains. We have also built FitLock, a lightweight defense system that protects Fitbit while imposing only a small overhead. Our experiments on BeagleBoard and Xperia devices show that FitLock's end-to-end overhead over Fitbit is only 2.4%.

Project snapshot


Fig. 1. Fitbit system components: tracker, base, and laptop.

Fig. 2. Outcome of tracker injection (TI) attack on Fitbit

Fig. 3. The BindTrackerUser protocol between the user, tracker and the web server

People

  Students
    1. Mahmudur Rahman: PhD Candidate, Florida International University.
    2. Madhusudan Banik: PhD Student, Florida International University.
  Faculty
    1. Bogdan Carbunar: Professor, Florida International University.

Publication

  • [IEEE S&P] (Poster) Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device.
    Mahmudur Rahman, Bogdan Carbunar, Madhusudan Banik.
    34th IEEE Symposium on Security and Privacy, San Francisco, May 2013.

  • [HotPETs] Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device.
    Mahmudur Rahman, Bogdan Carbunar, Madhusudan Banik.
    6th Workshop on Hot Topics in Privacy Enhancing Technologies, Bloomington, July 2013.
Media Coverage

  • [The Security Ledger] Fitbitten: Researchers Exploit Health Monitor To Earn Workout Rewards

  • [GigaOM] Keeping Fitbit safe from hackers and cheaters with FitLock

  • [Daily Mail] The tiny gadget that turns your fridge off when you eat too much (FitLock)

  • [Mocana] FitBit Health Monitors Hacked

  • [L'Atelier (French)] Les systèmes de partage de données d'auto-mesure doivent-ils être plus sécurisés ?
Download

    We implemented FitLock in Android. We tested the tracker side of FitLock on a Revision C4 BeagleBoard and on an Xperia smartphone. In addition, we used two Dell laptops: one, equipped with a 2.4GHz Intel Core i5 and 4GB of RAM, ran the web server (built on Apache web server 2.4); the other, equipped with a 2.3GHz Intel Core i5 and 4GB of RAM, served as the base. We implemented a client-server Bluetooth socket communication protocol between the tracker (Xperia smartphone) and the base using the PyBluez Python library. FitBite was implemented on Ubuntu using ANT and the libfitbit library.

    To exploit the vulnerabilities and attack Fitbit, you can download:

    1. FitBite: A suite of tools that exploit the vulnerabilities to attack Fitbit.
       1. BM (Base Module): The program that retrieves data from the tracker, injects false values and uploads them into the account of the corresponding user on the web server.
       2. TM (Tracker Module): The program that reads and tampers with (writes) the tracker data.

    To secure the Fitbit system, you can download:

    1. FitLock: A lightweight defense system that protects Fitbit while imposing only a small overhead.
       1. Base side: The program that runs on the user's machine and acts as middleware between the web server and the tracker.
       2. Tracker side: The program that runs on the Fitbit tracker and communicates with the base.
       3. Web server side: The program that keeps the user and device profiles and stores the user's fitness data.