Cleartext Data Transmissions in Consumer IoT Medical Devices

TL;DR

This paper presents a method to detect cleartext data in consumer IoT medical devices' network traffic, revealing potential privacy risks and providing a monitoring system for users.

Contribution

It introduces a three-step approach for capturing and analyzing IoT traffic to identify cleartext leaks, along with a user-friendly monitoring system for home networks.

Findings

One device leaks sensitive health information in cleartext.

The system effectively detects and visualizes data transmissions.

Multiple devices exhibit varying levels of data security.

Abstract

This paper introduces a method to capture network traffic from medical IoT devices and automatically detect cleartext information that may reveal sensitive medical conditions and behaviors. The research follows a three-step approach involving traffic collection, cleartext detection, and metadata analysis. We analyze four popular consumer medical IoT devices, including one smart medical device that leaks sensitive health information in cleartext. We also present a traffic capture and analysis system that seamlessly integrates with a home network and offers a user-friendly interface for consumers to monitor and visualize data transmissions of IoT devices in their homes.