Cybersecurity Assessment of the Polar Bluetooth Low Energy Heart-rate Sensor

TL;DR

This paper analyzes security vulnerabilities in BLE heart-rate sensors used in wireless body area networks, demonstrating how attackers can intercept and manipulate data, raising awareness about potential privacy and security risks.

Contribution

The study provides a detailed security assessment of BLE heart-rate sensors, highlighting specific vulnerabilities and demonstrating attack methods to improve awareness and security measures.

Findings

RSSI variations can detect anomalies in BLE connections

Attackers can intercept and manipulate data between devices

Security vulnerabilities pose risks to personal health data

Abstract

Wireless communications among wearable and implantable devices implement the information exchange around the human body. Wireless body area network (WBAN) technology enables non-invasive applications in our daily lives. Wireless connected devices improve the quality of many services, and they make procedures easier. On the other hand, they open up large attack surfaces and introduces potential security vulnerabilities. Bluetooth low energy (BLE) is a low-power protocol widely used in wireless personal area networks (WPANs). This paper analyzes the security vulnerabilities of a BLE heart-rate sensor. By observing the received signal strength indicator (RSSI) variations, it is possible to detect anomalies in the BLE connection. The case-study shows that an attacker can easily intercept and manipulate the data transmitted between the mobile app and the BLE device. With this research, the author would raise awareness about the security of the heart-rate information that we can receive from our wireless body sensors.