Securing Fitness Trackers


The fusion of social networks and wearable sensors is becoming increasingly popular. Systems like Fitbit and Garmin Forerunner automate the process of reporting and sharing user fitness data. One goal of this project is to show that, while compelling, the careless integration of health data into social networks is fraught with privacy and security vulnerabilities. Case in point: by reverse engineering the communication protocol, storage details and operation codes, we identified several vulnerabilities in the Fitbit Ultra and Garmin Forerunner 610 products. We have developed FitBite and GarMax, tools for retrieving personal user data from, and injecting arbitrary data into, nearby trackers (within 10 ft for Fitbit and 33 ft for Garmin).

We believe that the vulnerabilities and gaps we identified in the security of Fitbit are a symptom of how quickly new wearable consumer devices are introduced to the market. To help add security to new product designs, another goal of this project is to devise solutions that guarantee secure storage and transmission of sensor and fitness data for lightweight personal trackers. We plan to exploit a time-space tradeoff that reduces the hardware and computation requirements imposed on trackers while adding only insignificant storage costs to them.

Preliminary snapshots


Fig. 1. Fitbit system components: tracker, base, and laptop.

Fig. 2. Outcome of tracker injection (TI) attack on Fitbit

Fig. 3. Binding protocol between user, tracker and web server

Publications

  1. [IEEE TMC] "Secure Management of Low Power Fitness Trackers"
    Mahmudur Rahman, Bogdan Carbunar, Umut Topkara.
    IEEE Transactions on Mobile Computing (TMC), Volume 15, Number 2, February 2016. [pdf]

  2. [IEEE ICNP] "Concise Paper: SensCrypt: A Secure Protocol for Managing Low Power Fitness Trackers"
    Mahmudur Rahman, Bogdan Carbunar, Umut Topkara.
    In Proceedings of the 22nd IEEE International Conference on Network Protocols (ICNP), [acceptance rate = 18.99%], Raleigh, North Carolina, October 2014. [pdf]

  3. [HotPETS@PETS] "Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device"
    Mahmudur Rahman, Bogdan Carbunar, Madhusudan Banik.
    The 6th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs), held in conjunction with PETS, July 2013. [pdf]

Source Code

SensCrypt.zip

Please contact us to negotiate the release of our attack tools, FitBite and GarMax. We do this to ensure academic use of the tools and to prevent their distribution and use for malicious purposes.

Media Coverage

  1. Paul Roberts. The Security Ledger. "Fitbitten: Researchers Exploit Health Monitor To Earn Workout Rewards"
  2. Amanda Alvarez. GigaOM. "Keeping Fitbit safe from hackers and cheaters with FitLock"
  3. Kathleen Comte. L'Atelier. "Les systèmes de partage de données d'auto-mesure doivent-ils être plus sécurisés ?" [Should self-tracking data sharing systems be more secure?]
  4. Rachel Reilly. Daily Mail. "The tiny gadget that turns your fridge off when you eat too much"
  5. Robert Vamosi. Mocana. "FitBit Health Monitors Hacked"