Advertisement

Threats and Vulnerabilities Affecting Fitness Wearables: Security and Privacy Theoretical Analysis

  • Sophia MoganediEmail author
  • Dalenca PottasEmail author
Conference paper
  • 27 Downloads
Part of the Communications in Computer and Information Science book series (CCIS, volume 1166)

Abstract

The introduction of fitness wearables has encouraged users to take control of their health and fitness habits. These wearables are capable of collecting real-time data through the sensors embedded within the devices. The collection of real-time data about the users is a concern, as exactly what data is collected by these wearables is not clear to the users. Security threats and vulnerabilities in the fitness wearable domain continue to increase due to the increasing use of these wearables. This study aims to investigate and analyse security vulnerabilities and threats that affect fitness wearables from a security and privacy perspective. The execution of this study involves two phases of methodology. The first phase employs a systematic literature review and qualitative content analysis to identify the threats and vulnerabilities affecting fitness wearables. The second phase employs the Microsoft STRIDE framework and CIA triad to conduct an analysis of the threats and vulnerabilities. The output of this study indicates that security is still a great concern, as these fitness wearables are exposed to various security threats. Furthermore, these security threats increase due to the many components that are part of the fitness wearable architecture creating multiple entry points for attackers.

Keywords

Internet of Things (IoT) Fitness wearables Security Vulnerability Privacy Threats 

References

  1. 1.
    Elo, S., Kyngas, H.: The qualitative content analysis process. J. Adv. Nurs. 62(1), 107–115 (2007)CrossRefGoogle Scholar
  2. 2.
    Krippendorff, K.: Content Analysis an Introduction to its Methodology, vol. 31, no. 6, 2 edn. Sage Publications, Inc., Thousand Oaks (1980)Google Scholar
  3. 3.
    O’Connor, H., Gibson, N.: A step-by-step guide to qualitative data analysis. Pimatiziwin: A J. Aborig. Indig. Community Health 1(1), 63–90 (2017)Google Scholar
  4. 4.
    Bengtsson, M.: NursingPlus open how to plan and perform a qualitative study using content analysis. NursingPlus Open 2, 8–14 (2016)CrossRefGoogle Scholar
  5. 5.
    Erlingsson, C., Brysiewicz, P.: A hands-on guide to doing content analysis. Afr. J. Emerg. Med. 7(3), 93–99 (2017)CrossRefGoogle Scholar
  6. 6.
    Schreier, M.: Qualitative Content Analysis. SAGE, Thousand Oaks (2012)Google Scholar
  7. 7.
    Graneheim, U.H., Lindgren, B.M., Lundman, B.: Methodological challenges in qualitative content analysis: a discussion paper. Nurse Educ. Today 56, 29–34 (2017)CrossRefGoogle Scholar
  8. 8.
    Shostack, A.: Threat Modeling: Designing Security. Wiley, Hoboken (2014)Google Scholar
  9. 9.
    Savol, R.M., Abie, H.: Development of measurable security for a distributed messaging system. Int. J. Adv. Secur. 2(4), 358–380 (2009)Google Scholar
  10. 10.
    Savola, R.M.: A security metrics taxonomization model for software-intensive systems. J. Inf. Process. Syst. 5(4), 197–206 (2009)CrossRefGoogle Scholar
  11. 11.
    Koul, A.: What’s the 5 pillars of information security? (2017). https://www.quora.com/Whats-the-5-pillars-of-information-security. Accessed 10 July 2019
  12. 12.
    Mnjama, J., Foster, G., Irwin, B.: A privacy and security threat assessment framework for consumer health wearables. In: Information Security for South Africa (ISSA) 2017 (2017)Google Scholar
  13. 13.
    Rahman, M., Carbunar, B., Topkara, U.: Concise paper: SensCrypt: a secure protocol for managing low power fitness trackers. In: IEEE 22nd International Conference on Network Protocol 2014, pp. 191–196 (2014)Google Scholar
  14. 14.
    Rahman, M., Carbunar, B., Banik, M.: Fit and vulnerable: attacks and defenses for a health monitoring device. In: 34th IEEE Symposium on Security and Privacy (2013)Google Scholar
  15. 15.
    Carlson, H.: Potential security threats to wearable technology (2017). https://axiomcyber.com/cybersecurity/potential-security-threats-to-wearable-technology/. Accessed 20 July 2018
  16. 16.
    Ching, K.W., Singh, M.M.: Wearable technology devices security and privacy vulnerability analysis. Int. J. Netw. Secur. Appl. 8(3), 19–30 (2016)Google Scholar
  17. 17.
    Das, A.K., Pathak, P.H., Chuah, C., Mohapatra, P.: Uncovering privacy leakage in BLE network traffic of wearable fitness trackers. In: HotMobile 2016 Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications 2016, pp. 99–104 (2016)Google Scholar
  18. 18.
    Walter, C., Riley, I., He, X., Robards, E., Gamble, R.F.: Toward predicting secure environments for wearable devices. In: Proceedings of the 50th Hawaii International Conference on System Sciences 2017, pp. 1402–1410 (2017)Google Scholar
  19. 19.
    Siboni, S., Shabtai, A., Tippenhauer, N.O., Lee, J., Elovici, Y.: Advanced security TestBed framework for wearable IoT devices. J. ACM Trans. Internet Technol. Spec. Issue Internet Things Smart Secur. Serv. Deliv. 16(4), 1–25 (2016)CrossRefGoogle Scholar
  20. 20.
    de Arriba-Pérez, F., Caeiro-Rodríguez, M., Santos-Gago, J.M.: Collection and processing of data from wrist wearable devices in heterogeneous and multiple-user scenarios. Sensors 19(9), 1538 (2016)CrossRefGoogle Scholar
  21. 21.
    Banerjee, S.S., Hemphill, T., Longstreet, P.: Wearable devices and healthcare: data sharing and privacy. Inf. Soc. Int. J. 34(1), 49–57 (2018)CrossRefGoogle Scholar
  22. 22.
    Mahinderjit, M.S., Ching, K.W., Manaf, A.A.: A novel out-of-band biometrics authentication scheme for wearable devices. Int. J. Comput. Appl. 1–13 (2018)Google Scholar
  23. 23.
    Määttä, J., Hadid, A., Pietikäinen, M.: Face spoofing detection from single images using texture and local shape analysis. In: International Joint Conference on Biometrics 2012, p. 3 (2012)Google Scholar
  24. 24.
    Shrestha, P., Saxena, N.: An offensive and defensive exposition of wearable. J. ACM Comput. Surv. 50(6), 1–39 (2017)CrossRefGoogle Scholar
  25. 25.
    Yang, Z., Zhang, Z.: The study on resolutions of STRIDE threat model. In: Proceedings of the 2007 1st International Symposium on Information Technologies and Applications in Education, ISITAE 2007, pp. 271–273 (2007)Google Scholar
  26. 26.
    McGoogan, C.: Fitness devices can be hacked, research shows (2017). https://www.telegraph.co.uk/technology/2017/09/14/fitbit-devices-can-hacked-research-shows/. Accessed 27 Sept 2018
  27. 27.
    Sandle, T.: New cybersecurity vulnerability with fitness monitors. Digit. J. (2017). http://www.digitaljournal.com/tech-and-science/technology/new-cybersecruity-vulnerability-with-fitness-monitors/article/504514. Accessed 10 Mar 2019
  28. 28.
    Fereidooni, H., Frassetto, T., Miettinen, M., Sadeghi, A.R., Conti, M.: Fitness trackers: fit for health but unfit for security and privacy. In: Proceedings - 2017 IEEE 2nd International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2017, pp. 19–24 (2017)Google Scholar
  29. 29.
    Islam, M., Lautenbach, A., Sandberg, C., Olovsson, T.: A risk assessment framework for automotive embedded systems. In: Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security 2016, pp. 3–14 (2016)Google Scholar
  30. 30.
    Zhou, J., Cao, Z., Dong, X., Vasilakos, A.V.: Security and privacy for cloud-based IoT: challenges, countermeasures, and future directions. IEEE Commun. Mag. 55, 26–33 (2017)CrossRefGoogle Scholar
  31. 31.
    Khan, S.A.: Fuzzy preferences based STRIDE threat model for network intrusion detection. Int. J. Comput. Netw. Technol. 5(3), 107–111 (2017)CrossRefGoogle Scholar
  32. 32.
    Hallam, C., Zanella, G.: Wearable device data and privacy: a study of perception and behavior. World J. Manag. 7(1), 82–91 (2016)CrossRefGoogle Scholar
  33. 33.
    Lowens, B., Motti, V.G., Caine, K.: Wearable privacy: skeletons in the data closet. In: Proceedings - 2017 IEEE International Conference on Healthcare Informatics, ICHI 2017, pp. 295–304 (2017)Google Scholar
  34. 34.
    Do, Q., Martini, B., Choo, K.R.: Is the data on your wearable device secure ? An android wear smartwatch case study. Softw. Pract. Exp. 47, 391–403 (2017)CrossRefGoogle Scholar
  35. 35.
    Banerjee, S., Hemphill, T., Longstreet, P.: Is IOT a threat to consumer consent? The perils of wearable devices’ health data exposure (2017)Google Scholar
  36. 36.
    Saikiran, P., SureshBabu, E., Padmini, D., SriLalitha, V., Krishnnand, V.: Security issues and countermeasures of three tier architecture of IoT - a survey. Int. J. Pure Appl. Math. 115(6), 49–57 (2017)Google Scholar
  37. 37.
    UcedaVelez, T., Morana, M.M.: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis, 1st edn. Wiley, New Jersey (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.CSIRPretoriaSouth Africa
  2. 2.School of Information and Communication TechnologyNelson Mandela UniversityPort ElizabethSouth Africa

Personalised recommendations