Health Device Security and Privacy: A Comparative Analysis of Fitbit, Jawbone, Google Glass and Samsung Galaxy Watch

ABM Kamrul Islam Riad, Hossain Shahriar, Chi Zhang and Farhat Lamia Barsha


Mobile health devices are most commonly used for fitness and for recording the user’s health status. Their use has grown significantly in recent years, and they normally take fashionable forms such as watches, glasses, wristbands or jewellery items (Mobile Health Device Technology Market Research Report, 2018 [1]). In 2018, nearly 3.7 billion new Bluetooth-enabled devices were shipped worldwide to consumers [2]. Health devices are connected to the cloud server through the Internet, enabling device owners to interact with their user records and exchange personal information such as heart rate, geolocation and daily eating habits. These devices are connected to the Internet, for example through Wi-Fi networks, more than ever before and have become part of the Internet of Things (IoT). In theory, connecting devices through the IoT allows users to control or automate digital tasks, with the result that user data such as habits, daily activities and location tracking records can unexpectedly be delivered to third-party observers (Federal Trade Commission Staff Report on the November, 2013 [3]). Health devices provide less security compared to computing devices because of limited bandwidth and processing power [4].

Therefore, mobile devices bring new challenges in terms of users’ security and privacy, and their limited space and memory capacity increases their vulnerability to an array of possible attacks. Mobile health devices require pairing with smartphones to establish the connection with cloud servers for data exchange. The complexity of this communication across various paths generates security vulnerabilities such as leakage of personal information and privacy breaches by attackers. Financial loss is possible as some fitness mobile devices allow their users to access their bank accounts for quick payment to a selected financial institution or agency [5].

Researchers raise concerns about the security of wearable devices. HP Labs (Internet of Things Security Study, 2015 [6]) found that most mobile health devices are vulnerable to user data security breaches because of poor security firmware systems in the devices. In many cases, firmware update vulnerability allows attackers to inject malicious code into devices [7]. At the Hack.lu 2015 security conference in Luxembourg [8], a researcher reported that a PC can be affected through malicious code injection when Fitbit devices plug into the PC through Bluetooth pairing within 10 seconds. The weakness of firmware, the gateway of applications and the service of servers are the main concerns about security and privacy leakage of mobile health fitness devices. The health devices use smartphone apps as a gateway to connect to the web service, the open interface for interoperability. Hackers target the weak points of these interfaces, which have become a security threat for these wearable health devices. Therefore, attacks such as SQL injection and Cross-Site Scripting (XSS) reach these devices through the connection gateway [9].

In this chapter, we discuss the strengths and features of mobile health devices apart from user data security and privacy attacks that occur due to poor security firmware in mobile health devices. The goal of this analysis is to understand security and privacy on mobile health devices and user data transferring methods with the security testing processes of many mobile health devices including Fitbit, Jawbone, Google Glass and Samsung Galaxy Watch, based on various related prior works and research.

The chapter is organized as follows. First, we discuss related works. Then, we discuss the security and privacy of four wearable devices, Fitbit, Jawbone, Google Glass and Samsung Galaxy Watch. For each of the devices, we analyse strengths and weaknesses in terms of related security threats stemming from the network and data. We also introduce a testing process to secure the devices. Finally, we conclude the chapter.

Related Works

Wearable devices can help users to monitor their health and fitness by tracking data from movements to heart rate and even blood pressure. Meanwhile, continued research actively focuses on the privacy and security of these devices. Many research works have been published with the focus on the user data security and privacy leakage for mobile health devices. In 2014, Britt Cyr published a user data security and privacy properties analysis of Fitbit devices, focusing on the security weaknesses between Fitbit Bluetooth devices and a smartphone application during traffic synchronization [10]. They found that Fitbit collected data without acquiring the device owner’s consent and that the MAC addresses of Fitbit devices never changed, which enabled correlated attacks [11]. Researchers report that man-in-the-middle attacks intercepted the Bluetooth Low Energy (BTLE) credential during device pairing over TLS [10-12]. A follow-up study in 2018 by Matthew analysed three devices, Fitbit, Pebble and Jawbone, and found out that all three devices exposed their connection forming packet when pairing, which would enable server attacks because these packets allow an attacker to follow the connection after it is initiated.

In 2016, Ke Wan Ching performed security analysis of wearable health devices, especially Google Glass which is an eyewear device, and they found a lack of authentication due to an unsecure PIN system [7]. In addition, Seyedmostafa and Zarian revealed that Google Glass can take pictures and record videos without the user’s consent which breaches the user’s privacy [13]. One of the security and privacy concerns is regulated from various research forums, M-health applications that facilitate interactions between mobile health devices and mobile phones to visualize the data record of users. In the General Data Protection Regulation in the EU [14], the European Commission emphasizes data protection, and that tracking and monitoring patients’ health information such as activities, locations visited and dieting habits would be made severely vulnerable in future by the use of mobile applications. Similarly, the report in [15] states that users’ data security and confidentiality would be challenged to ensure compliance with HIPAA regulations due to mobile health devices’ vulnerability and their data being compromised by third parties. Wu identified that even a trustworthy network within the organization, in terms of the enforced process of data encryption and authentication mechanism, is vulnerable because third parties may gain elevated privileges due to secret access keys and certification processes from the users’ ends [15]. They suggested that security key agreement and distribution among the nodes in the network could be the strongest possible authentication process in accordance with HIPAA guidelines for privacy and data security [15]. A blog of the vulnerability of fitness trackers [5] pointed out that most wearable fitness trackers need to initiate a built-in security mechanism while connecting to other devices or applications for data collection. The mobile devices’ data are stored in a local server without an encryption key. 
The lack of security mechanism causes the devices to be extremely vulnerable to cybercriminal attacks. In this scenario, the cybercriminal can inject random step computation values into memory and the mobile health devices would generate this count value to the server as a valid encoded frame [5]. A group of researchers (University of Toronto) investigated the Bluetooth privacy, data integrity and transmission security of some fitness trackers. They discovered that all of the mobile health device trackers have numerous user data security and privacy issues [16]. They released the key findings of security and privacy leakage for many of the fitness trackers except Apple Watch. The Jawbone UP application consistently sends out the user’s precise geolocation while Bellabeat, Garmin and Withings applications fail to use transit-level security, causing data to be visible in transmission [17].

Analysing Wearable Health Devices

Analysis of Fitbit

The Fitbit tracker (https://www.fitbit/whyfitbit) tracks various users’ activities including number of steps walked, sleep pattern and quality as well as other personal health measurements such as body temperature, pulse rate, food habits and body weight. Fitbit introduced a series of technology on workout tracking such as PurePulse, SmartTrack and Sleep Tracking—a technology that automatically recognizes users’ exercise and records the data through the smartphone app.

• Strengths of the Fitbit Device

SmartTracking activities—Fitbit uses a simple accelerometer that is called a smart algorithm. SmartTrack uses a three-axis accelerometer to identify the intensity and patterns of the user’s movement and determines the type of activities [2]. To measure heartbeat, photoplethysmography, a low-cost and simple optical technique that can be used to detect blood volume changes, is used for PurePulse. Photoplethysmography is a light-based technology used to measure blood circulation and changes in the volume of the blood in the wrist. With photoplethysmography, Fitbit uses an optical heart rate monitor to detect the pulse by shining a green light through the skin to see blood flow.

• Data Security of Fitbit Devices

Data security is one of the major security vulnerabilities found in many mobile health devices. Fitbit continuously adds software patches to improve the users’ data security and privacy for its devices [18]. For authenticity security purposes the device protects data through regular firmware updates. However, a lack of authentication is one of the biggest vulnerabilities in Fitbit devices and generally occurs on the trackers’ side so the potential cybercriminal can easily collect the user’s personal data without their consent.

The University of Edinburgh conducted research on how information could be stolen from Fitbit. It was found that it is possible to intercept messages transmitted between the cloud server and fitness tracker. This allowed researchers to access users’ information that would cause unauthorized personal data to be shared with third parties (Tara Seals US/North America News, 2017 [19]).

• Fitbit System Overview

The Fitbit devices are designed to hold data in a buffer locally on the device. Data synchronization is performed through smartphone applications for Android, iOS and desktop. Fitbit devices send the user’s activity to the Fitbit cloud server over Wi-Fi or Internet connection during data synchronizing. During data synchronization, the Fitbit application forwards the user’s activity data to the Fitbit warehouse. User activity data are fetched from Fitbit devices during each synchronization.

Figure 6.1 shows that synchronization takes place over Bluetooth between the Fitbit device and a smartphone or personal computer. Bluetooth Low Energy (BTLE) (Fitbit Help) carries the data to the smartphone application or personal computer, which exchanges it with the Fitbit cloud service over Internet/Wi-Fi in an encrypted session.

• Analysing Bluetooth Communication

Mobile health devices have built-in Bluetooth that permits devices such as smartphones, computers and peripherals to transfer data or voice wirelessly over short distances. Bluetooth offers a reasonably protected, encoded wireless connection that stops casual snooping or eavesdropping from other devices at short distances [20]. However, there is always a security risk involved, such as malicious attacks through Bluetooth networking by hackers. For instance, “bluesnarfing” is the unauthorized access to information from a wireless device through a Bluetooth connection, while “bluebugging” allows attackers to take over all functions of mobile phones. A vulnerability in Bluetooth devices including Fitbit allows third parties to gain sensitive information from the devices such as exact locations. The information is leaked as different Bluetooth devices communicate with each other differently to establish a connection. When transmitting information between two devices, one device must first establish a central role in the connection and the other device plays a peripheral role. For example, in a pairing of a Bluetooth Fitbit SmartTrack with an iPhone, the iPhone would play the role of central device and Fitbit SmartTrack would be the peripheral device that indicates an available connection where the signals contain the IP address of a mobile device and a payload containing data about the connection.

• Fitbit Device Tracking

The devices originate randomized addresses that automatically configure periodically and attempt to improve privacy instead of maintaining one permanent address [21]. But it was discovered by researchers that the device can be tracked even as its random address originates. Random data are a unique identifier of the device that are supposed to be changed periodically, but in that case this identifier doesn’t change in sync with the address. In this case, the research team found that Fitbit devices lack address changes or randomization completely which means they are considered extremely susceptible to tracking even without the use of a sniffer algorithm. The research further addresses that restarting the Fitbit device or draining its battery does not change the access address. It indicates that the data could be tracked in Fitbit devices if the Fitbit’s access address never changes.

Analysis of Jawbone

Jawbone is a powerful health activity monitor, food and sleep tracker device worn on the wrist like the Fitbit mobile health device. Jawbone uses an internal accelerometer and algorithm to track users’ day-to-day activities and suggests helpful lifestyle tips through the accompanying Up App (Jawbone). Jawbone UP24 fitness tracker had a big upgrade from its original design, with new features and resolving some serious first-generation issues [22, 23].

• Strength of Jawbone

The Jawbone UP tracker has a hardware button to save the battery from drainage while not aiming for connection. One of the good security features of Jawbone is the Bluetooth activation switch that requires a user pairing PIN code to initiate communication with smartphone applications. While establishing a Bluetooth connection, the device starts publicizing and searching for other peers after pressing the button. In this situation, when paired devices are not reachable to demand devices, the device responds to connection requests from other Bluetooth devices.

• Data Security of Jawbone Tracker

As described for the Bluetooth LE connection, devices should change the Bluetooth device MAC address randomly in order to improve privacy instead of maintaining one permanent address [24]. But unfortunately, this security feature is found to be absent in the Jawbone tracker device since it uses the same MAC address permanently. This causes potential data security and privacy issues, as the users can be traced easily to their precise location, and user data could be manipulated by the attacker. While using the GattTool command is one of the ways to write and read the potential features of the device, a shell script is another way to simulate a Denial of Service (DoS) attack by originating connection requests and reading the characteristics of the devices. In this scenario, if the Jawbone UP tracker is connected to the paired device, it does not accept the further connection request.
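The fixed-address weakness described in the Fitbit and Jawbone sections can be checked from a capture of a device's own BLE advertisements. The following Python check is an added example, not code from the chapter or from either vendor; the 15-minute threshold, the observation tuple layout and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed audit threshold for this example: an address in use longer than
# 15 minutes counts as rotating too slowly.
MAX_ADDRESS_LIFETIME_S = 15 * 60

def address_kind(addr, addr_type):
    """Classify a BLE device address.

    addr_type is the public/random flag sent with the advertisement. For a
    random address, the two most significant bits select the sub-type.
    """
    if addr_type == "public":
        return "public"
    top_bits = int(addr.split(":")[0], 16) >> 6
    return {0b11: "random-static",
            0b01: "resolvable-private",
            0b00: "non-resolvable-private"}.get(top_bits, "reserved")

def audit(observations):
    """observations: (unix_time, address, addr_type, identifier_hex) tuples."""
    seen = defaultdict(list)       # address -> timestamps
    kinds = {}                     # address -> classification
    carriers = defaultdict(set)    # payload identifier -> addresses carrying it
    for ts, addr, addr_type, ident in observations:
        seen[addr].append(ts)
        kinds[addr] = address_kind(addr, addr_type)
        carriers[ident].add(addr)

    findings = []
    for addr in sorted(seen):
        lifetime = max(seen[addr]) - min(seen[addr])
        if kinds[addr] in ("public", "random-static"):
            # Does not rotate while the device runs, so it identifies the wearer.
            findings.append((addr, "fixed-address", kinds[addr]))
        elif lifetime > MAX_ADDRESS_LIFETIME_S:
            findings.append((addr, "rotation-too-slow", f"{lifetime}s"))
    for ident in sorted(carriers):
        if len(carriers[ident]) > 1:
            # The address rotated but the payload identifier did not, so the
            # old and new addresses can still be linked.
            findings.append((ident, "identifier-links-addresses",
                             sorted(carriers[ident])))
    return findings

# Constructed sample capture (addresses and identifiers are made up).
SAMPLE = [
    (0,    "C4:7D:10:00:00:01", "random", "a1b2c3"),
    (7200, "C4:7D:10:00:00:01", "random", "a1b2c3"),
    (0,    "00:11:22:33:44:55", "public", "d4e5f6"),
    (100,  "4A:00:00:00:00:01", "random", "0badc0"),
    (800,  "7B:00:00:00:00:02", "random", "0badc0"),
    (0,    "5C:00:00:00:00:03", "random", "778899"),
    (2000, "5C:00:00:00:00:03", "random", "778899"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The third kind of finding corresponds to the case in the Fitbit tracking discussion where an identifier in the payload does not change in sync with the address.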

• Jawbone UP Tracker Overview

Parson’s research team [16, 17, 25] found that during the routine use of the device application, Jawbone UP trackers passively share the user’s precise current location. It is unclear to the researchers what the reason is for this passive location tracking, and the collection of information is not linked with some given fitness activities. In general, when users open a mobile application, the Jawbone tracker transmits longitude and latitude to its servers; these transmissions are connected with the predefined user events, such as syncing with the device and opening the application. This testing describes that these geographical data have a precision of up to 14 decimal points and it effectively releases the fitness device location within a few millimetres. It is found that users do not know that the location transmission occurs when they restore their timelines. Figure 6.2 shows that the Jawbone UP tracker sends a user’s exact location when the user connects with a smartphone application.

Figure 6.2 shows that Jawbone routinely transmits precise geolocation information when users open the apps or sync their mobile health device to their iPhone [25]. The Jawbone UP fitness data transmission between the mobile application and health devices servers is generally secured using HTTPS [25]. However, both Android and iOS applications have vulnerabilities because both applications create false generated fitness data for their individual account. Although HTTPS is a secure communication network between user and server, HTTPS does not cover the security and privacy protection of end users.
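A tester reviewing an application's outgoing traffic can automate the check behind this finding. The following Python audit is an added example, not code from the chapter or from Jawbone; the event names, coordinate field names, precision policy and request bodies are all assumptions constructed for illustration.

```python
import json
from decimal import Decimal

COORD_KEYS = {"lat", "latitude", "lon", "lng", "longitude"}  # assumed names
MAX_DECIMALS = 3                     # assumed policy for acceptable precision
LOCATION_EVENTS = {"run_started"}    # hypothetical events that need location

def decimals(value):
    """Number of digits after the decimal point as written on the wire."""
    exponent = value.as_tuple().exponent
    return -exponent if exponent < 0 else 0

def find_coords(node, path=""):
    """Yield (json_path, Decimal) for coordinate-like fields at any depth."""
    if isinstance(node, dict):
        for key, val in node.items():
            here = f"{path}.{key}" if path else key
            if key.lower() in COORD_KEYS and isinstance(val, Decimal):
                yield here, val
            else:
                yield from find_coords(val, here)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from find_coords(val, f"{path}[{i}]")

def audit_requests(requests):
    """requests: (event_name, json_body) pairs taken from a traffic capture."""
    findings = []
    for event, body in requests:
        # parse_float=Decimal keeps the digits exactly as transmitted.
        doc = json.loads(body, parse_float=Decimal)
        for path, value in find_coords(doc):
            issues = []
            if event not in LOCATION_EVENTS:
                issues.append("location-not-needed-for-event")
            if decimals(value) > MAX_DECIMALS:
                issues.append(f"precision-{decimals(value)}-decimals")
            if issues:
                findings.append((event, path, issues))
    return findings

def coarsen(value, places=MAX_DECIMALS):
    """Mitigation: round a coordinate before it leaves the device."""
    return value.quantize(Decimal(1).scaleb(-places))

# Constructed request bodies (not captured from any real application).
SAMPLE_REQUESTS = [
    ("app_opened", '{"user": "u1", "location": {"latitude": 43.66270000000001,'
                   ' "longitude": -79.39560000000002}}'),
    ("device_sync", '{"events": [{"type": "sync", "lat": 43.663, "lng": -79.396}]}'),
    ("run_started", '{"lat": 43.663, "lng": -79.396}'),
]

if __name__ == "__main__":
    for finding in audit_requests(SAMPLE_REQUESTS):
        print(finding)
```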

Analysis of Google Glass

Google Glass is the earliest mobile health device that boosted the growth of mobile health device technology. The frame of the Google Glass is a pair of glasses into which is built a computer eyewear device. It affords various structures that users feel very comfortable using, but Google Glass is only available for enterprise which means the Google Glass is not available for individuals’ usage. However, many concerns about users’ data security and privacy issues by many healthcare researchers mean that Google Glass is not free from vulnerability, and client data security and privacy can be threatened.

FIGURE 6.2 Jawbone UP application sharing user location.

• Strength of Google Glass

Google Glass basically performs through user voice commands [13, 26, 27]. Users can send messages without using their hands, and it has video and camera capabilities that differentiate it from other mobile health fitness devices such as Fitbit and Jawbone. These glasses provide numerous distinct useful applications for health organizations and hospital staff. Video conferences between doctors and medical associates are one of the most unique features of Google Glasses [27, 28]. Google Glass facilitates an ample number of health cases throughout conferences about patient treatment between medical professionals and other co-facilitated health organizations.

• Data Security of Google Glass

The connection system of Google Glass is content-based image retrieval (CBIR) which allows health staff to search a patient’s medical history for accurate information while consulting with physicians and patients [27, 28]. Apart from these facilities Google Glass has a major concern about patients’ data security and privacy. Researchers have found that Google Glass does not have a concrete authentication process to protect the user’s data security and privacy due to lack of a secure enough PIN system. The Google Glass privacy threat is significantly different from other fitness trackers that use mobile phones and apps to collect user data. Google Glass supports eye movement tracking that may cause authentication issues [29]. In addition, Syedmostafa and Zarina revealed that [13] Google Glass is able to capture user pictures and has a video-recording capability which may be a violation of users’ privacy. Most significantly, there were numerous factual case reports concerning data security and privacy associated with Google Glass when it was first released.

A research team exposed a serious security threat to do with how Google Glass interprets Quick Response (QR) codes while it snaps a photo back; they found that Google Glass can scan a malicious QR code that forces the device to connect to a hostile Wi-Fi access point, so man-in-the-middle attacks can perform session hijacking or sniffing or remotely gain root access to a Glass device and take control without the wearer’s knowledge. Moreover, the QR code is not the only way to initiate a security breach; sniffing or session hijacking can be performed by man-in-the-middle attacks and such an attack can be implemented without the device recognizing any QR code [29].

• Google Glass Bluetooth Communication

Google Glass Bluetooth pairing is comparatively the same as other fitness devices. It is essential to pair Glass to a phone or tablet that has full Bluetooth capabilities via the MyGlass app from the Google Play Store [24, 30]. There is a concern that the Google Glass battery gets drained more quickly while connected through Bluetooth rather than a Wi-Fi connection [31].

Analysis of Samsung Galaxy Watch

Another mobile health device which makes people’s daily lives easier is the Samsung Galaxy Watch which has a notification feature. By synchronizing all data to the phone, important alerts and notifications are sent directly to the wrist. However, this device is also not free from vulnerabilities. According to an HP study [32], the Samsung Galaxy Watch contains vulnerabilities such as a weak authentication process, lack of encryption and also lack of privacy.

• Strength of Samsung Galaxy Watch

The Samsung Galaxy Watch works as a personal trainer by measuring heart rate and can track six activities of a user’s exercise by counting the distance and recording the number of steps. It also works as a daily assistant by displaying the next ten hours’ schedule. It provides reminders and health data to the user day to day. It is 5 ATM water resistant and has a durability of military standard. Besides this, it can also measure stress levels, calories, sleeping habits and water intake levels.

• Data Security of Samsung Galaxy Watch

The Samsung Galaxy Watch has a security lock system and PIN setting. This lock depends on a Bluetooth connection; when the connection is ended the device is automatically locked and has to be unlocked using the PIN. But this security is not strong enough. Brute-force attacks can easily gain access to this device. Romania-based Bitdefender [32] researchers found that a six-digit PIN code and Bluetooth connection between two paired devices can easily be hacked by brute-force attacks which is a risk for users’ security and privacy issues. Besides this, because of weak authentication mechanisms, data can be accessed from the computer without unlocking the device. And it also has a lack of encryption which increases vulnerabilities.

• Samsung Galaxy Watch Bluetooth Communication

To connect the Samsung Galaxy Watch with a mobile device, the Galaxy mobile health device app needs to be installed on the mobile device. Users can download this app from the Play Store and Samsung Android device users can download this app from the Galaxy Store or Play Store. Since Bluetooth has low energy usage, it has weak security features, so hackers can gain control of the system and data can be stolen [32].
