I still See You! Inferring Fitness Data from Encrypted Traffic of Wearables

Andrei Kazlouski, Andrei Kazlouski, Thomas Marchioro, Thomas Marchioro, Harry Manifavas, Harry Manifavas, Evangelos Markatos, Evangelos Markatos

Abstract

In this paper we describe a cyberattack against 2 well-known wearable devices. The attacker presented in this paper is an “honest but curious” Internet Service Provider (ISP) sitting somewhere in the path between the device and the cloud. The ISP launches the attack when the smartbands try to synchronize their data with the permanent cloud storage. By launching its attack, this “honest but curious” ISP is able to learn much personal information about the users of the smartbands, including the frequency of measuring the users’ heart rate and weight; the number and duration of workouts; as well as whether (i) sleep or (ii) steps were recorded on a given day. We show that privacy leaks might occur even when the transferred data are fully encrypted, and the representative mobile application utilizes state-of-the-art security mechanisms: certificate pinning, and source code obfuscation.

Download


Paper Citation


in Harvard Style

Kazlouski A., Marchioro T., Manifavas H. and Markatos E. (2021). I still See You! Inferring Fitness Data from Encrypted Traffic of Wearables.In Proceedings of the 14th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 4: HEALTHINF, ISBN 978-989-758-490-9, pages 369-376. DOI: 10.5220/0010233103690376


in Bibtex Style

@conference{healthinf21,
author={Andrei Kazlouski and Thomas Marchioro and Harry Manifavas and Evangelos Markatos},
title={I still See You! Inferring Fitness Data from Encrypted Traffic of Wearables},
booktitle={Proceedings of the 14th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 4: HEALTHINF,},
year={2021},
pages={369-376},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010233103690376},
isbn={978-989-758-490-9},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 14th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 4: HEALTHINF,
TI - I still See You! Inferring Fitness Data from Encrypted Traffic of Wearables
SN - 978-989-758-490-9
AU - Kazlouski A.
AU - Marchioro T.
AU - Manifavas H.
AU - Markatos E.
PY - 2021
SP - 369
EP - 376
DO - 10.5220/0010233103690376