10.24251/HICSS.2021.827">
 

Security analysis of a medical IoT device: Data leakage to an eavesdropper

Document Type

Conference Proceeding

Publication Date

1-5-2021

Abstract

Embedded technology known as the Internet of Things (IoT) has been integrated into everyday life, from the home, to the farm, industry, enterprise, the battlefield, and even for medical devices. With the increased use of networked devices comes an increased attack surface for malicious actors to gather and inject data, putting the privacy of users at risk. This research considers the Masimo MightySat fingertip pulse oximeter and the companion Masimo Professional Health app from a security standpoint, analyzing the Bluetooth Low Energy (BLE) communication from the device to the application and the data leakage between the two. It is found that with some analysis of a personally owned Masimo MightySat Rx through the use of an Ubertooth BLE traffic sniffer, static analysis of the HCI snoop.log and application data, and dynamic analysis of the app, data could be reasonably captured for another MightySat and interpret it to learn user health data.

Comments

Alternative title: Security Analysis of the Masimo MightySat: Data Leakage to a Nosy Neighbor

The "Link to Full Text" on this page opens the conference paper at the publisher website.

This is an Open Access conference paper published by the University of Hawaii, distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives License, which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is properly cited, and is not altered, transformed, or built upon in any way. CC BY-NC-ND 4.0

Source Publication

Proceedings of the Annual Hawaii International Conference on System Sciences

Link to Full Text

Share

COinS