Security Analysis of the Masimo MightySat: Data Leakage to a Nosy Neighbor

Document Type

Conference Proceeding

Publication Date



Embedded technology known as the Internet of Things (IoT) has been integrated into everyday life, from the home, to the farm, industry, enterprise, the battlefield, and even for medical devices. With the increased use of networked devices comes an increased attack surface for malicious actors to gather and inject data, putting the privacy of users at risk. This research considers the Masimo MightySat fingertip pulse oximeter and the companion Masimo Professional Health app from a security standpoint, analyzing the Bluetooth Low Energy (BLE) communication from the device to the application and the data leakage between the two. It is found that with some analysis of a personally owned Masimo MightySat Rx through the use of an Ubertooth BLE traffic sniffer, static analysis of the HCI\_snoop.log and application data, and dynamic analysis of the app, data could be reasonably captured for another MightySat and interpret it to learn user health data.


The "Link to Full Text" on this page will open or save the PDF of the conference paper, hosted at the conference website.
This is an Open Access conference paper published and distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives License, which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is properly cited, and is not altered, transformed, or built upon in any way. CC BY-NC-ND 4.0

Please fully attribute as cited below in any re-use.



Source Publication

Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021