I still see you! Inferring fitness data from encrypted traffic of wearables

Author: Evangelos P. Markatos, Harry Manifavas, Thomas Marchioro, Andrei Kazlouski
Year of publication: 2023
Subject:
Source: HEALTHINF
Proceedings of the 14th International Joint Conference on Biomedical Engineering Systems and Technologies
Description: In this paper we describe a cyberattack against 2 well-known wearable devices. The attacker presented in this paper is an “honest but curious” Internet Service Provider (ISP) sitting somewhere in the path between the device and the cloud. The ISP launches the attack when the smartbands try to synchronize their data with the permanent cloud storage. By launching its attack, this “honest but curious” ISP is able to learn much personal information about the users of the smartbands, including the frequency of measuring the users’ heart rate and weight; the number and duration of workouts; as well as whether (i) sleep or (ii) steps were recorded on a given day. We show that privacy leaks might occur even when the transferred data are fully encrypted, and the representative mobile application utilizes state-of-the-art security mechanisms: certificate pinning and source code obfuscation.
Database: OpenAIRE