# Secure Management of Low Power Fitness Trackers

**Authors:** Mahmudur Rahman, Bogdan Carbunar, Umut Topkara

arXiv: 1703.08455 · 2017-03-27

## TL;DR

This paper identifies security vulnerabilities in popular fitness trackers, introduces tools to exploit these vulnerabilities, and proposes a lightweight, secure protocol and platform to enhance data security and reduce synchronization overhead.

## Contribution

It presents novel attack tools for fitness trackers, a new secure protocol SensCrypt, and an affordable Arduino-based tracker platform to improve security and efficiency.

## Key findings

- Vulnerabilities found in Fitbit Ultra and Garmin Forerunner 610
- SensCrypt effectively secures data against identified attacks
- Sens.io reduces synchronization overhead significantly

## Abstract

The increasing popular interest in personal telemetry, also called the Quantified Self or "lifelogging", has induced a popularity surge for wearable personal fitness trackers. Fitness trackers automatically collect sensor data about the user throughout the day, and integrate it into social network accounts. Solution providers have to strike a balance between many constraints, leading to a design process that often puts security in the back seat. Case in point, we reverse engineered and identified security vulnerabilities in Fitbit Ultra and Garmin Forerunner 610, two popular and representative fitness tracker products. We introduce FitBite and GarMax, tools to launch efficient attacks against Fitbit and Garmin. We devise SensCrypt, a protocol for secure data storage and communication, for use by makers of affordable and lightweight personal trackers. SensCrypt thwarts not only the attacks we introduced, but also defends against powerful JTAG Read attacks. We have built Sens.io, an Arduino Uno based tracker platform, of similar capabilities but at a fraction of the cost of current solutions. On Sens.io, SensCrypt imposes a negligible write overhead and significantly reduces the end-to-end sync overhead of Fitbit and Garmin.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1703.08455/full.md

## Figures

13 figures with captions in the complete paper: https://tomesphere.com/paper/1703.08455/full.md

## References

41 references — full list in the complete paper: https://tomesphere.com/paper/1703.08455/full.md

---
Source: https://tomesphere.com/paper/1703.08455