Security threat on wearable services: Empirical study using a commercial smartband

摘要

As the use of wearable devices such as smartwatches, smartbands and wearable glasses increases, the concern about their security also becomes serious. In this study, we explore various vulnerabilities of wearable services with three aspects: device itself, wearable gateway and server. Then, we devise three attack scenarios, namely an illegal device pairing attack, a fake wearable gateway attack and an insecure code based attack. Using a real commercial smartband used for healthcare monitoring, we observe that these scenarios actually can intrude wearable services, obtaining privacy data such as personal identifiers and health information. Finally, we analyze these attacks with the viewpoint of the OWASP (Open Web Application Security Project) IoT (Internet of Things) Top 10 security weaknesses and suggest countermeasures that can prevent these attacks.