{"title":"普通和私密健康物联网设备及应用程序的蓝牙安全分析:FemTech 案例","authors":"Stephen Cook, Maryam Mehrnezhad, Ehsan Toreini","doi":"10.1007/s10207-024-00883-3","DOIUrl":null,"url":null,"abstract":"<p>The number of digital health products is increasing faster than ever. These technologies (e.g. mobile apps and connected devices) collect massive amounts of data about their users, including health, medical, sex life, and other intimate data. In this paper, we study a set of 21 Internet of Things (IoT) devices advertised for general and intimate health purposes of female bodies (aka female-oriented technologies or FemTech). We focus on the security of the Bluetooth connection and communications between the IoT device and the mobile app. Our results highlight serious security issues in the current off-the-shelf FemTech devices. These include unencrypted Bluetooth traffic, unknown Bluetooth services and insecure Bluetooth authentication when connecting to the app. We implement Bluetooth attacks on the communication between these devices and apps, resulting in malfunctioning of the device and app. We discuss our results and provide recommendations for different stakeholders to improve the security practices of Bluetooth-enabled IoT devices in such a sensitive and intimate domain.\n</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"6 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Bluetooth security analysis of general and intimate health IoT devices and apps: the case of FemTech\",\"authors\":\"Stephen Cook, Maryam Mehrnezhad, Ehsan Toreini\",\"doi\":\"10.1007/s10207-024-00883-3\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>The number of digital health products is increasing faster than ever. These technologies (e.g. mobile apps and connected devices) collect massive amounts of data about their users, including health, medical, sex life, and other intimate data. In this paper, we study a set of 21 Internet of Things (IoT) devices advertised for general and intimate health purposes of female bodies (aka female-oriented technologies or FemTech). We focus on the security of the Bluetooth connection and communications between the IoT device and the mobile app. Our results highlight serious security issues in the current off-the-shelf FemTech devices. These include unencrypted Bluetooth traffic, unknown Bluetooth services and insecure Bluetooth authentication when connecting to the app. We implement Bluetooth attacks on the communication between these devices and apps, resulting in malfunctioning of the device and app. We discuss our results and provide recommendations for different stakeholders to improve the security practices of Bluetooth-enabled IoT devices in such a sensitive and intimate domain.\\n</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"6 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-08-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00883-3\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00883-3","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Bluetooth security analysis of general and intimate health IoT devices and apps: the case of FemTech
The number of digital health products is increasing faster than ever. These technologies (e.g. mobile apps and connected devices) collect massive amounts of data about their users, including health, medical, sex life, and other intimate data. In this paper, we study a set of 21 Internet of Things (IoT) devices advertised for general and intimate health purposes of female bodies (aka female-oriented technologies or FemTech). We focus on the security of the Bluetooth connection and communications between the IoT device and the mobile app. Our results highlight serious security issues in the current off-the-shelf FemTech devices. These include unencrypted Bluetooth traffic, unknown Bluetooth services and insecure Bluetooth authentication when connecting to the app. We implement Bluetooth attacks on the communication between these devices and apps, resulting in malfunctioning of the device and app. We discuss our results and provide recommendations for different stakeholders to improve the security practices of Bluetooth-enabled IoT devices in such a sensitive and intimate domain.
期刊介绍:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.