1. 1
Laura Barilli laura.barilli@mail.polimi.it
Luisa Cucugliato luisa.cucugliato@mail.polimi.it
Thursday, March 31, 2016
Politecnico di Milano
Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB)
Analysis of State of art
NECST lab, Via Ponzio, Building 20
Reverse Engineering of Biomedical Elaborated Signal
3. Fitness
• Nike+ Fuel Band
• Fitbit
• Xiaomi
• Jawbone
• Misfit
• Garmin
http://www.fool.com/investing/general/2016/01/09/how-apple-watch-can-gain-wearables-market-share-in.aspx
Support for athletes activity
2014 7.1 million units
2015 21.2 million units
3
4. Medical
• Empatica Embrace
• Angel Sensor
Doctor
Patients
Monitoring of medical disorders
https://www.empatica.com
4
5. Closed source
• Xiaomi
• Jawbone
• Nike+ Fuel Band
• Empatica Embrace
• Fitbit
Accessibilityofdata
Open source
• Angel sensor
Vs
5
7. Closed source
• Xiaomi
• Jawbone
• Nike+ Fuel Band
• Empatica Embrace
• Fitbit
Accessibilityofdata
Access of data is
facilitated by Bluetooth
communication
http://arxiv.org/pdf/1304.5672v1.pdf http://www.techinsider.io/7-fitness-trackers-fail-basic-security-test-2016-2
7
8. Reverse engineering
Nike+ Fuel Band
https://www.evilsocket.net/2015/01/29/nike-fuelband-se-ble-protocol-reversed/
Simone Margaritelli
8
9. Reverse engineering
Fitbit
“An attacker can reverse engineer the Fitbit protocols
and send malware to the wearable fitness tracker
nearby at a Bluetooth distance, which would then be
transferred to any PC the Fitbit came into contact with.”
http://thehackernews.com/2015/10/hack-fitbit.html
Khyati Jain
9
11. Why Xiaomi
• Economic
• Easy to reverse
• Comfortable
• Battery last 30 days
• Easy to buy
11
12. Why Xiaomi
• Economic
• Easy to reverse
• Comfortable
• Battery last 30 days
• Easy to buy
We want to use the data detected from a cheap fitness tracker
to study medical conditions
Fitness Medical
12
13. Contacts
Reverse Engineering of
Biomedical Elaborated Signal
Laura.barilli@mail.polimi.it
Luisa.cucugliato@mail.polimi.it
https://www.facebook.com/reebes.project2016/
13
Hinweis der Redaktion
Tom Pohl…Ho completamente invertito il suo protocollo e ha scoperto i seguenti punti chiave:
Il sistema di autenticazione è vulnerabile , chiunque potrebbe collegare al dispositiv
Cosa faremo di diverso? Portare il braccialetto in campo medico. Perché? Perche vogliamo usare i dati per studiare determinate oatologie. Vogliamo creare un braccialetto medico economico