created by Markus Selinger, 18th July 2016
Seven Fitness Wristbands and the Apple Watch in
a Security Check 2016
Fitness wristbands and smart watches are extremely popular, not only with sports fans. Health insurance companies
are now even subsidizing the purchase of a tracker or rewarding their use, as fit people cost the insurance companies
less. That is why the experts from AV-TEST examined 7 of the latest fitness wristbands under Android and the Apple
Watch in terms of their security. The result: some manufacturers are continuing to make disappointing errors.
Smart watches and fitness wristbands or trackers are popular and are, at the very least, recommended by health insurers
worldwide. In Europe, the legal playing field only allows the health insurance companies to subsidize the wearables. In the United
States, there are already offers of premium rebates, as long as the policyholder is able to demonstrate his or her efforts via
fitness tracker. The New York startup Oscar Health, for example, pays policyholders one dollar per day if they reach the daily
fitness goal.
At first glance, the current and forecast sales figures for fitness trackers mostly elicit an initial "Wow!". According to IDC, in 2014
over 26 million wearables were already sold, in 2015 already more than 75 million, and in 2016 the number is expected to exceed
100 million.
Persistent high risks with fitness trackers
This test evaluated the latest and best-selling fitness wristbands, along with the Apple Watch. All wristbands operate with a
corresponding app on an Android smartphone. That is why the findings are summarized in the test for trackers and apps. The
laboratory is also making a very detailed test report available as a PDF.
The Apple Watch represents a special case: some test methods cannot be directly applied from Android to iOS. That is why
the evaluation of the Apple Watch is found separately at the end of the article. The following products were tested:
- Basis Peak
- Microsoft Band 2
- Mobile Action Q-Band
- Pebble Time
- Runtastic Moment Elite
- Striiv Fusion
- Xiaomi MiBand
- Apple Watch (see end of article)
The experts focused on two special issues:
1. From the perspective of the private user, is the data recorded in the tracker or app secure against spying or hacking by third
parties?
2. From the perspective of health insurers or other companies, is the data in the tracker or app secure against tampering?
The first issue involves the consideration that attackers may use the data or exploit it to the user's disadvantage. It involves
private data that rightly needs to be protected. The second issue concerns health insurance companies that reward their
policyholders for reaching a fitness goal. If a fitness tracker or app can be manipulated, however, it is inevitable that this
approach will be exploited eventually.
Three test steps to risk assessment
The testers subjected each fitness wristband to a total of 10 testing criteria, divided up into three areas: tracker, application and
online communication. The graph on risk assessment shows the areas in which test candidates have problems and whether the
testers classify the particular criterion as a risk. The terms "fault" or "security gap" were explicitly not chosen, as there is only a
heightened or high risk of penetration in the areas evaluated, but not explicitly an open door. Nor did the testers make any further
attempt to "hack" a risk area. They simply analyzed what an attacker could do in that area and what the consequences would
be.
Tracker – connection, authentication, tampering
Visibility: All fitness trackers use Bluetooth to connect with the smartphone. Here the traditional problems were examined first.
One security aspect is invisibility for other Bluetooth devices. You can't connect to or track something that's not there. Only
during pairing should the devices be visible for a certain time. This security is only offered by the wristbands from Microsoft and
Pebble. Mobile Action claims the capability, but it is still visible.
BLE privacy: The second Bluetooth safety aspect is the function of BLE privacy, which has been a feature since Android 5.0.
With this feature, the device repeatedly generates a new MAC address for a Bluetooth connection. The actual address is never
disclosed and therefore not trackable. This technology is only used by Microsoft Band 2. None of the others support it.
Ability to be found: Once a device is to be connected, technically speaking there are several options. A very secure solution is
exclusive Bluetooth pairing (i.e. the tracker only allows a connection to one known smartphone), which in the test, however, is
only used by Basis Peak and Microsoft Band 2. Pebble Time allows connections with several devices, but the user is required to
manually confirm each one; that is also secure. The Xiaomi MiBand uses a simple, yet safe method: after a successful pairing, it
is simply no longer visible and allows no more connections. Only the wristbands from Striiv, Runtastic and Mobile Action fail to
use reliable technology to also prevent connections with unknown devices.
Authentication: If a third-party smartphone has successfully paired with a tracker, some products offer an additional safety
feature: authentication. Only three out of seven products use this secondary security threshold consistently: Basis Peak,
Microsoft Band 2, and Pebble Time. While Xiaomi does also use the technology, it is quite simple to circumvent and therefore
useless under certain circumstances. The other three products either do not offer this additional security or they implement it
inadequately.
Tamper protection: This item is just as interesting for users as it is presumably for health insurance companies or courts who
rely on the authenticity of data. That is why it was tested whether there is an integrity safeguard or access protection for the
data stored in the tracker. The protection must be configured so that it prevents access by third parties and eliminates
tampering with data by the smartphone owner. Only the products from Basis, Microsoft, Pebble and Xiaomi offer basic protection in
this area. However, the device from Xiaomi can also be fooled because of its weak authentication. It is possible for a third party to make the
wristband vibrate, for example, to change alarm times, or even completely reset the tracker to factory settings.
The fitness trackers from Striiv and Mobile Action do not use any adequate and functioning authentication or any other safety
mechanisms, and are therefore vulnerable to tampering. On the Striiv Fusion, the values for body measurements of the user
could be changed to superhuman parameters. These were then used as inputs for the calculation of distance traveled and calorie
burn. On the tracker from Mobile Action, it was also possible to modify the stored user information on weight, height, step length,
etc. during the test. These values were also used directly for the calculation of calorie burn and distance traveled.
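One way to build the integrity safeguard discussed above, as an added example that is not AV-TEST's tooling or any vendor's protocol: the tracker authenticates each sync record with an HMAC, and the receiving side checks the tag, a replay counter and the plausibility of the body measurements. The record layout, the key handling and the plausibility ranges are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a per-device key that lives only in the tracker and the backend.
# If the key were held by the smartphone app, the phone owner could re-sign
# modified data, which is the tampering case the test is concerned with.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

# Assumed plausibility ranges for the profile values that feed the distance
# and calorie calculation (illustrative numbers, not from the test report).
PLAUSIBLE = {
    "height_cm": (50, 260),
    "weight_kg": (20, 400),
    "step_length_cm": (20, 150),
}


def canonical(record):
    """Serialise a record deterministically so both sides MAC the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(key, record):
    """Tag computed inside the tracker before the record leaves it."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_record(key, record, tag, last_counter):
    """Receiver-side check: integrity first, then replay, then plausibility."""
    if not hmac.compare_digest(sign_record(key, record), tag):
        return "rejected: bad MAC"
    if record["counter"] <= last_counter:
        return "rejected: replayed or out-of-order counter"
    for field, (low, high) in PLAUSIBLE.items():
        if not low <= record["profile"][field] <= high:
            return "rejected: implausible " + field
    return "accepted"


def demo():
    """Run four constructed cases and return the verdict for each."""
    profile = {"height_cm": 178, "weight_kg": 74, "step_length_cm": 72}
    genuine = {"counter": 8, "steps": 10432, "profile": profile}
    tag = sign_record(DEVICE_KEY, genuine)

    # Case 2: the record is altered on the phone after the tracker signed it.
    edited = dict(genuine, steps=99999)

    # Case 4: the stored profile was overwritten on the tracker itself through
    # an unauthenticated write, so the tracker signs the bad values. The MAC
    # is valid; only the plausibility check catches it. Authenticating writes
    # to the tracker is still required to close the gap.
    giant = {"counter": 9, "steps": 10432,
             "profile": dict(profile, height_cm=900)}
    giant_tag = sign_record(DEVICE_KEY, giant)

    return {
        "genuine": verify_record(DEVICE_KEY, genuine, tag, last_counter=7),
        "edited_on_phone": verify_record(DEVICE_KEY, edited, tag, last_counter=7),
        "replayed": verify_record(DEVICE_KEY, genuine, tag, last_counter=8),
        "profile_overwritten": verify_record(DEVICE_KEY, giant, giant_tag,
                                             last_counter=8),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "->", verdict)
```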
The App – safeguarding and code check
Local storage: Even if the technology of the tracker is secure, the corresponding app on the smartphone can be the weakest
link. That is why testing was conducted as to whether the apps save data accessible to other apps on the smartphone. The
security functions for non-rooted Android devices actually prevent this access. But if data is saved in the wrong place, it is
accessible to everyone. Xiaomi MiBand was the only one committing this error. It stores an extensive log file on app activity in a
completely open area. This log contains all the transmitted data, as well as user information, alias, body measurements, and
much more, which is also used for the authentication process.
Code obfuscation: The second test aims to identify sloppy programming of the apps. It was checked whether
the apps use code obfuscation. This technology prevents reverse engineering and hides useful information from attackers. The
apps from Mobile Action, Pebble and Xiaomi use the technology entirely. The apps from Basis and Runtastic raised flags in this
category. They do not consistently use obfuscation, which can help attackers. The products from Microsoft and Striiv do not
use obfuscation at all, which means that specialists could perform an app analysis.
Log and debug info: An additional programming error is the output of log and debug information. Sometimes there is so much
important information in these outputs that other security mechanisms are defeated in the process. Only the app from Mobile
Action works cleanly in this category. All the other apps continue to spit out information that attackers would love to get their
hands on.
Secure online communication
The final check involved all connections established by the app. Can the communication be monitored or does it perhaps even
occur unencrypted? And if so, what is being transmitted? The good news: all connections that ought to be encrypted are
encrypted. The open HTTP connections that were intercepted carried nothing of value, which is probably why they were unencrypted.
Furthermore, the lab examined whether the contents of a secure connection were readable after the installation of a root
certificate. This evaluation is important, as it is a possible pathway for users to manipulate transmitted data themselves. The
products from Basis and Pebble show that security is also possible in this area. They are sufficiently protected against unwanted
access. For all other products, it was possible to monitor the secure connections and partly also to successfully tamper with
them. Thus, authentication and synchronization data were readable.
Conclusion: sports, fun – and lack of security
As already witnessed in the initial test of fitness wristbands last year, many manufacturers are also committing similar errors in
the current test. They often don't pay sufficient attention to the aspect of security. The risk assessment indicates that the
trackers from Pebble Time, Basis Peak and Microsoft Band 2 were among the most secure. They show minor errors, but on
aggregate, they offer few opportunities for attackers or tampering. After this test, the manufacturers are certain to also fix a few
of the smaller defects via a firmware update.
The fitness wristband from Mobile Action indicates multiple risk factors. It features a function that claims to the user that it is
invisible for others – but it is not. It also has deficiencies in terms of authentication and tamper protection. In the test, user data
could even be modified through the back door.
The threesome of Runtastic, Striiv and Xiaomi racked up the most risk points: 7 to 8 possible risk points out of 10. These
products can be tracked rather easily, use inconsistent or no authentication or tamper protection, the code of the apps is not
sufficiently obfuscated, and data traffic can be manipulated and monitored with root certificates. Worst of all, Xiaomi even stores
its entire data unencrypted on the smartphone. You can read more about the comprehensive security study developed by the lab
on the testing of fitness trackers in this PDF file.
The Apple Watch Put to a Security Check
The Apple Watch as a fitness tracker (photo: Apple).
The Apple Watch is also used as a fitness tracker in
conjunction with an iPhone. Yet how safely does it
handle the data, or can data even be retrieved?
The test of the Apple Watch is configured essentially the
same way as the test of the Android devices. However, iOS
and Android are so different in some areas that the test of
various risk criteria could not be performed, whereas others
are not relevant for the Apple device. That is why in the
category of trackers, the lab only examined the criteria of
controlled visibility, BLE privacy and controlled connectivity.
In the area of online communication, it was examined whether
the connections are encrypted and whether the results can be
manipulated using root certificates.
Visibility per Bluetooth can be controlled by the user. Thus,
the watch cannot be constantly tracked. An interesting
element was the test for BLE privacy. In this test, the Apple
Watch was supposed to show a different MAC address each
time Bluetooth was newly activated. This makes it almost
impossible to track. In the test, this function worked
repeatedly. If airplane mode is switched on and off, however, the Apple Watch always shows its genuine MAC address to
the Bluetooth components. This should actually not be the case.
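The BLE privacy check described here and in the tracker section above can be written as a small audit over scan results. This is an added example, not the lab's test tooling; the device labels, addresses and per-round log format are constructed, and it assumes the tester can attribute each advertisement to a device, for instance by testing one device at a time.

```python
from collections import defaultdict

# Sub-type of a BLE *random* device address, encoded in the two most
# significant bits of the 48-bit address (Bluetooth Core Specification).
RANDOM_SUBTYPES = {
    0b11: "static random",
    0b01: "resolvable private",
    0b00: "non-resolvable private",
    0b10: "reserved",
}

# Constructed scan log: (round, device label, advertised address, is_random).
# A new round starts each time Bluetooth on the device is re-enabled.
# is_random is the TxAdd flag of the advertising PDU; whether an address is
# public or random cannot be derived from the address bytes alone.
# Public addresses below use the documentation range 00:00:5E:00:53:xx.
SCAN_LOG = [
    (1, "tracker-A", "00:00:5E:00:53:0A", False),
    (2, "tracker-A", "00:00:5E:00:53:0A", False),
    (1, "tracker-B", "4A:9C:10:3E:77:01", True),
    (2, "tracker-B", "5F:02:A8:19:C4:6D", True),
    (3, "tracker-B", "71:E0:4B:22:90:3A", True),
    (1, "tracker-C", "6C:13:58:AF:02:91", True),
    (2, "tracker-C", "43:D7:0E:66:B1:5C", True),
    (3, "tracker-C", "00:00:5E:00:53:0C", False),  # after an airplane-mode toggle
    (1, "tracker-D", "7D:20:31:42:53:64", True),
    (2, "tracker-D", "7D:20:31:42:53:64", True),
    (1, "tracker-E", "2B:AA:BB:CC:DD:EE", True),
]


def classify_address(address, is_random):
    """Return the kind of a BLE device address written MSB-first (AA:BB:...)."""
    octets = address.split(":")
    if len(octets) != 6:
        raise ValueError("not a 48-bit address: %r" % address)
    if not is_random:
        return "public"
    return RANDOM_SUBTYPES[int(octets[0], 16) >> 6]


def audit(observations):
    """Give one verdict per device on whether its address can be tracked."""
    per_round = defaultdict(lambda: defaultdict(set))  # device -> round -> addresses
    kinds = defaultdict(set)                           # device -> address kinds seen
    for round_no, device, address, is_random in observations:
        address = address.upper()
        per_round[device][round_no].add(address)
        kinds[device].add(classify_address(address, is_random))

    report = {}
    for device, rounds in per_round.items():
        seen = [addr for addrs in rounds.values() for addr in addrs]
        reused = len(seen) != len(set(seen))  # same address in two rounds
        if "public" in kinds[device]:
            # One exposure of the real address is enough to link the device.
            report[device] = "trackable: public address exposed"
        elif "static random" in kinds[device]:
            report[device] = "trackable: static random address"
        elif len(rounds) < 2:
            report[device] = "inconclusive: fewer than two rounds observed"
        elif reused:
            report[device] = "trackable: private address reused across rounds"
        else:
            report[device] = "private: new address in every round"
    return report


if __name__ == "__main__":
    for device, verdict in sorted(audit(SCAN_LOG).items()):
        print(device, "->", verdict)
```

The constructed tracker-C row mirrors the behaviour reported for the Apple Watch: rotation works until one event exposes the fixed address, and that single exposure decides the verdict.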
In terms of controlled connectivity, Apple uses a special theft prevention technique: If the Watch has been paired with an
account, it can only be released with great effort. A factory reset does not even help here. If a thief then sells the smart
watch, the new user could no longer pair up with his own iPhone.
In terms of connections, the Apple Watch mostly uses encrypted connections that are additionally secured. Updates,
however, only occur unencrypted via HTTP.
In connections that were encrypted, yet not further secured, the testers were able to read some of the information. There
were lines of text, for example, including the geo data of the user with his or her location – right down to the street address!
In a further step, as with Android devices, a root certificate was installed. Afterwards, many connections could be
monitored. In this manner, the user himself has more access to the data and could tamper with it.
All in all, the Apple Watch receives a high security rating. While the testers did identify certain theoretical vulnerabilities, the
time and effort required for attackers to gain access to the watch would be extremely high.
Security Check 2016: Seven Fitness Wristbands and the Apple Watch.

Fitness wristbands in a security check: Also in this year's test round, some fitness wristbands present a high safety risk. The Apple Watch is missing in the
lineup, as it was evaluated separately due to the test differences compared to Android.
Test environment: The fitness trackers were connected with the smartphone, the manufacturer apps were examined, attempts were made to fool them per test
app, and the connections were monitored with a proxy.


Pebble Time: This fitness wristband earned the fewest risk points in the test – which translates to high security (photo: Pebble).
Microsoft Band 2: Although the Band operates in the Android world, Microsoft makes its use quite secure (Photo: Microsoft).


Striiv Fusion: With 8 out of 10 risk points, the fitness wristband can be classified as unsafe (photo: Striiv).
Copyright © 2015 by AV-TEST GmbH, Klewitzstr. 7, 39112 Magdeburg, Germany
Phone +49 (0) 391 60754-60, Fax +49 (0) 391 60754-69, www.av-test.org


Shadow pad technical_description_pdfShadow pad technical_description_pdf
Shadow pad technical_description_pdfAndrey Apuhtin
 
Ftc cdt-vpn-complaint-8-7-17
Ftc cdt-vpn-complaint-8-7-17Ftc cdt-vpn-complaint-8-7-17
Ftc cdt-vpn-complaint-8-7-17Andrey Apuhtin
 
Hutchins redacted indictment
Hutchins redacted indictmentHutchins redacted indictment
Hutchins redacted indictmentAndrey Apuhtin
 
Dr web review_mob_july_2017
Dr web review_mob_july_2017Dr web review_mob_july_2017
Dr web review_mob_july_2017Andrey Apuhtin
 
Nexusguard d do_s_threat_report_q1_2017_en
Nexusguard d do_s_threat_report_q1_2017_enNexusguard d do_s_threat_report_q1_2017_en
Nexusguard d do_s_threat_report_q1_2017_enAndrey Apuhtin
 
Pandalabs отчет за 1 квартал 2017
Pandalabs   отчет за 1 квартал 2017Pandalabs   отчет за 1 квартал 2017
Pandalabs отчет за 1 квартал 2017Andrey Apuhtin
 
Lookout pegasus-android-technical-analysis
Lookout pegasus-android-technical-analysisLookout pegasus-android-technical-analysis
Lookout pegasus-android-technical-analysisAndrey Apuhtin
 
Apwg trends report_q4_2016
Apwg trends report_q4_2016Apwg trends report_q4_2016
Apwg trends report_q4_2016Andrey Apuhtin
 
News berthaume-sentencing-jan2017
News berthaume-sentencing-jan2017News berthaume-sentencing-jan2017
News berthaume-sentencing-jan2017Andrey Apuhtin
 
Windows exploitation-2016-a4
Windows exploitation-2016-a4Windows exploitation-2016-a4
Windows exploitation-2016-a4Andrey Apuhtin
 

More from Andrey Apuhtin (20)

Shadow pad technical_description_pdf
Shadow pad technical_description_pdfShadow pad technical_description_pdf
Shadow pad technical_description_pdf
 
Ftc cdt-vpn-complaint-8-7-17
Ftc cdt-vpn-complaint-8-7-17Ftc cdt-vpn-complaint-8-7-17
Ftc cdt-vpn-complaint-8-7-17
 
Hutchins redacted indictment
Hutchins redacted indictmentHutchins redacted indictment
Hutchins redacted indictment
 
Dr web review_mob_july_2017
Dr web review_mob_july_2017Dr web review_mob_july_2017
Dr web review_mob_july_2017
 
Dmarc
DmarcDmarc
Dmarc
 
Nexusguard d do_s_threat_report_q1_2017_en
Nexusguard d do_s_threat_report_q1_2017_enNexusguard d do_s_threat_report_q1_2017_en
Nexusguard d do_s_threat_report_q1_2017_en
 
Pandalabs отчет за 1 квартал 2017
Pandalabs   отчет за 1 квартал 2017Pandalabs   отчет за 1 квартал 2017
Pandalabs отчет за 1 квартал 2017
 
Sel03129 usen
Sel03129 usenSel03129 usen
Sel03129 usen
 
Cldap threat-advisory
Cldap threat-advisoryCldap threat-advisory
Cldap threat-advisory
 
Lookout pegasus-android-technical-analysis
Lookout pegasus-android-technical-analysisLookout pegasus-android-technical-analysis
Lookout pegasus-android-technical-analysis
 
Rand rr1751
Rand rr1751Rand rr1751
Rand rr1751
 
Apwg trends report_q4_2016
Apwg trends report_q4_2016Apwg trends report_q4_2016
Apwg trends report_q4_2016
 
Browser history
Browser historyBrowser history
Browser history
 
Software
SoftwareSoftware
Software
 
Antivirus
AntivirusAntivirus
Antivirus
 
Https interception
Https interceptionHttps interception
Https interception
 
Wilssc 006 xml
Wilssc 006 xmlWilssc 006 xml
Wilssc 006 xml
 
News berthaume-sentencing-jan2017
News berthaume-sentencing-jan2017News berthaume-sentencing-jan2017
News berthaume-sentencing-jan2017
 
Windows exploitation-2016-a4
Windows exploitation-2016-a4Windows exploitation-2016-a4
Windows exploitation-2016-a4
 
Mw stj 08252016_2
Mw stj 08252016_2Mw stj 08252016_2
Mw stj 08252016_2
 

Recently uploaded

Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 

Recently uploaded (20)

Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 

Seven Fitness Wristbands and Apple Watch Security Check 2016

  • 1. created by Markus Selinger, 18th July 2016

Seven Fitness Wristbands and the Apple Watch in a Security Check 2016

Fitness wristbands and smart watches are extremely popular, not only with sports fans. Health insurance companies are now even subsidizing the purchase of a tracker or rewarding their use, as fit people cost the insurance companies less. That is why the experts from AV-TEST examined 7 of the latest fitness wristbands under Android and the Apple Watch in terms of their security. The result: some manufacturers are continuing to make disappointing errors.

Smart watches and fitness wristbands or trackers are popular and are even being at least recommended by health insurers worldwide. In Europe, the legal playing field only allows the health insurance companies to subsidize the wearables. In the United States, there are already offers of premium rebates, as long as the policyholder is able to demonstrate his or her efforts per fitness tracker. The New York startup, Oscar Health, for example, pays policyholders one dollar per day if they reach the daily fitness goal.

At first glance, the current and forecast sales figures for fitness trackers mostly elicit an initial "Wow!". According to IDC, in 2014 over 26 million wearables were already sold, in 2015 already more than 75 million, and in 2016 the number is expected to exceed 100 million.

Persistent high risks with fitness trackers

This test evaluated the latest and best-selling fitness wristbands, along with the Apple Watch. All wristbands operate with a corresponding app on an Android smartphone. That is why the findings are summarized in the test for trackers and apps. The laboratory is also making a very detailed test report available as a PDF.

The Apple Watch represents a special case: some test methods cannot be directly applied from Android to the iOS. That is why the evaluation of the Apple Watch is found separately at the end of the article.

The following products were tested:
- Basis Peak
- Microsoft Band 2
- Mobile Action Q-Band
- Pebble Time
- Runtastic Moment Elite
- Striiv Fusion
- Xiaomi MiBand
- Apple Watch (see end of article)

The experts focused on two special issues:
1. From the perspective of the private user, is the data recorded in the tracker or app secure against spying or hacking by third parties?
2. From the perspective of health insurers or other companies, is the data in the tracker or app secure against tampering?

The first issue involves the consideration that attackers may use the data or exploit it to the user's disadvantage. It involves private data that rightly needs to be protected. The second issue concerns health insurance companies that reward their policyholders for reaching a fitness goal. If a fitness tracker or app can be manipulated, however, it is inevitable that this approach will be exploited eventually.

Three test steps to risk assessment
  • 2. The testers subjected each fitness wristband to a total of 10 testing criteria, divided up into three areas: tracker, application and online communication. The graph on risk assessment shows the areas in which test candidates have problems and whether the testers classify the particular criterion as a risk. The terms "fault" or "security gap" were explicitly not chosen, as there is only a heightened or high risk of penetration in the areas evaluated, but not explicitly an open door. Nor did the testers make any further attempt to "hack" a risk area. They simply analyzed what an attacker could do in that area and what the consequences would be.

Tracker – connection, authentication, tampering

Visibility: All fitness trackers use Bluetooth to connect with the smartphone. Here the traditional problems were examined first. One security aspect is invisibility for other Bluetooth devices. You can't connect to or track something that's not there. Only during pairing should the devices be visible for a certain time. This security is only offered by the wristbands from Microsoft and Pebble. Mobile Action claims the capability, but it is still visible.

BLE privacy: The second Bluetooth safety aspect is the function of BLE privacy, which has been a feature since Android 5.0. With this feature, the device repeatedly generates a new MAC address for a Bluetooth connection. The actual address is never disclosed and therefore not trackable. This technology is only used by Microsoft Band 2. None of the others know the technology.

Ability to be found: Once a device is to be connected, technically speaking there are several options. A very secure solution is exclusive Bluetooth pairing (i.e. the tracker only allows a connection to one known smartphone), which in the test, however, is only used by Basis Peak and Microsoft Band 2. Pebble Time allows connections with several devices, but the user is required to manually confirm each one; that is also secure. The Xiaomi MiBand uses a simple, yet safe method: after a successful pairing, it is simply no longer visible and allows no more connections. Only the wristbands from Striiv, Runtastic and Mobile Action fail to use reliable technology to also prevent connections with unknown devices.

Authentication: If a third-party smartphone successfully paired up with a tracker, on some products there is an additional safety feature: authentication. Only three out of seven products use this secondary security threshold consistently: Basis Peak, Microsoft Band 2, and Pebble Time. While Xiaomi does also use the technology, it is quite simple to circumvent and therefore useless under certain circumstances. The other three products either do not offer this additional security or they implement it inadequately.

Tamper protection: This item is just as interesting for users as it is presumably for health insurance companies or courts who rely on the authenticity of data. That is why it was tested whether there is an integrity safeguard or access protection for the data stored in the tracker. The protection must be configured so that it prevents access from third parties, and eliminates tampering of data by the smartphone owner. Only the products from Basis, Microsoft, Pebble and Xiaomi offer basic protection in this area. However the device from Xiaomi can also be fooled by weak authentication. It is possible for a third-party to make the wristband vibrate, for example, to change alarm times, or even completely reset the tracker to factory settings. The fitness trackers from Striiv and Mobile Action do not use any adequate and functioning authentication or any other safety mechanisms, and are therefore vulnerable to tampering. On the Striiv Fusion, the values for body measurements of the user could be changed to superhuman parameters. These were then used as inputs for the calculation of distance traveled and calorie burn. On the tracker from Mobile Action, it was also possible to modify the stored user information on weight, height, step length, etc. during the test. These values were also used directly for the calculation of calorie burn and distance traveled.

The App – safeguarding and code check

Local storage: Even if the technology of the tracker is secure, the corresponding app on the smartphone can be the weakest link. That is why testing was conducted as to whether the apps save data accessible to other apps on the smartphone. The security functions for non-rooted Android devices actually prevent this access. But if data is saved in the wrong place, it is accessible to everyone. Xiaomi MiBand was the only one committing this error. It stores an extensive log file on app activity in a completely open area. This log contains all the transmitted data, as well as user information, alias, body measurements, and much more, which is also used for the authentication process.

Code obfuscation: During the second test, the object is to identify sloppy programming of the apps. It was checked whether the apps use code obfuscation. This technology prevents reverse engineering and hides useful information from attackers. The apps from Mobile Action, Pebble and Xiaomi use the technology entirely. The apps from Basis and Runtastic raised flags in this category. They do not consistently use obfuscation – this can enable attackers. The products from Microsoft and Striiv do not use obfuscation at all. Which means that specialists could perform an app analysis.
  • 3. Log and debug info: An additional programming error is the output of log and debug information. Sometimes there is so much important information in these outputs that other security mechanisms are defeated in the process. Only the app from Mobile Action works cleanly in this category. All the other apps continue to spit out information that attackers would love to get their hands on.

Secure online communication

The final check involved all connections established by the app. Can the communication be monitored or does it perhaps even occur unencrypted? And if so, what is being transmitted? The good news: all connections that ought to be encrypted are encrypted. Intercepted open HTTP connections were worthless – and therefore probably unencrypted. Furthermore, the lab examined whether the contents of a secure connection were readable after the installation of a root certificate. This evaluation is important, as it is a possible pathway for users to manipulate transmitted data themselves. The products from Basis and Pebble show that security is also possible in this area. They are sufficiently protected against unwanted access. For all other products, it was possible to monitor the secure connections and partly also to successfully tamper with them. Thus, authentication and synchronization data were readable.

Conclusion: sports, fun – and lack of security

As already witnessed in the initial test of fitness wristbands last year, many manufacturers are also committing similar errors in the current test. They often don't pay sufficient attention to the aspect of security. The risk assessment indicates that the trackers from Pebble Time, Basis Peak and Microsoft Band 2 were among the most secure. They show minor errors, but on aggregate, they offer few opportunities for attackers or tampering. After this test, the manufacturers are certain to also fix a few of the smaller defects via a firmware update.

The fitness wristband from Mobile Action indicates multiple risk factors. It features a function that claims to the user that it is invisible for others – but it is not. It also has deficiencies in terms of authentication and tamper protection. In the test, user data could even be modified through the back door.

The threesome of Runtastic, Striiv and Xiaomi racked up the most risk points: 7 to 8 possible risk points out of 10. These products can be tracked rather easily, use inconsistent or no authentication or tamper protection, the code of the apps is not sufficiently obfuscated, and data traffic can be manipulated and monitored with root certificates. Worst of all, Xiaomi even stores its entire data unencrypted on the smartphone.

You can read more about the comprehensive security study developed by the lab on the testing of fitness trackers in this PDF file.

The Apple Watch Put to a Security Check
  • 4. The Apple Watch as a fitness tracker (photo: Apple).

The Apple Watch is also used as a fitness tracker in conjunction with an iPhone. Yet how safely does it handle the data, or can data even be retrieved?

The test of the Apple Watch is configured essentially the same way as the test of the Android devices. However, iOS and Android are so different in some areas that the test of various risk criteria could not be performed, whereas others are not relevant for the Apple device. That is why in the category of trackers, the lab only examined the criteria of controlled visibility, BLE privacy and controlled connectivity. In the area of online communication, it was examined whether the connections are encrypted and whether the results can be manipulated using root certificates.

Visibility per Bluetooth can be controlled by the user. Thus, the watch cannot be constantly tracked. An interesting element was the test for BLE privacy. In this test, the Apple Watch was supposed to show a different MAC address each time Bluetooth was newly activated. This makes it almost impossible to track. In the test, this function worked repeatedly. If airplane mode is switched on and off, however, the Apple Watch always shows its genuine MAC address to the Bluetooth components. This should actually not be the case.

In terms of controlled connectivity, Apple uses a special theft prevention technique: If the Watch has been paired with an account, it can only be released with great effort. A factory reset does not even help here. If a thief then sells the smart watch, the new user could no longer pair up with his own iPhone.

In terms of connections, the Apple Watch mostly uses encrypted connections that are additionally secured. Updates, however, only occur unencrypted via HTTP. In connections that were encrypted, yet not further secured, the testers were able to read some of the information. There were lines of text, for example, including the geo data of the user with his or her location – right down to the street address! In a further step, as with Android devices, a root certificate was installed. Afterwards, many connections could be monitored. In this manner, the user himself has more access to the data and could tamper with it.

All in all, the Apple Watch receives a high security rating. While the testers did identify certain theoretical vulnerabilities, the time and effort required for attackers to gain access to the watch would be extremely high.
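The BLE privacy criterion applied to the wristbands and to the Apple Watch can be checked from the addresses a device advertises across several scan sessions. The following Python sketch is an added example, not AV-TEST's tooling: the observation records, device labels and addresses are constructed, and grouping observations by a known device label is an assumption.

```python
"""BLE privacy check over scan observations (added example, constructed data)."""
from collections import defaultdict

# Constructed scan log: (scan session, device label, advertiser address, TxAdd).
# TxAdd is the advertising-PDU header bit that marks the address as "public"
# (fixed, IEEE-assigned) or "random". The device label is an assumption: it
# stands for ground truth that lets observations of one device be grouped.
OBSERVATIONS = [
    (1, "band-a", "00:11:22:33:44:55", "public"),
    (2, "band-a", "00:11:22:33:44:55", "public"),
    (1, "band-b", "E4:5A:6B:7C:8D:9E", "random"),
    (2, "band-b", "E4:5A:6B:7C:8D:9E", "random"),
    (1, "band-c", "5B:01:02:03:04:05", "random"),
    (2, "band-c", "7D:AA:BB:CC:DD:EE", "random"),
    (3, "band-c", "4F:10:20:30:40:50", "random"),
    (1, "watch-d", "62:0A:0B:0C:0D:0E", "random"),
    (2, "watch-d", "49:1A:1B:1C:1D:1E", "random"),
    (3, "watch-d", "00:AA:BB:CC:DD:EE", "public"),  # seen after a radio restart
]

# For a random address, the two most significant bits select the sub-type.
RANDOM_SUBTYPES = {
    0b11: "random-static",           # fixed at least until the next power cycle
    0b01: "resolvable-private",      # rotates; only bonded peers can resolve it
    0b00: "non-resolvable-private",  # rotates; nobody can resolve it
}
FIXED_KINDS = {"public", "random-static"}


def classify(address, tx_add):
    """Return the BLE address class for one advertiser address."""
    raw = bytes.fromhex(address.replace(":", ""))  # ValueError on bad hex
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit address: {address!r}")
    if tx_add == "public":
        return "public"
    if tx_add != "random":
        raise ValueError(f"unknown TxAdd value: {tx_add!r}")
    return RANDOM_SUBTYPES.get(raw[0] >> 6, "reserved")


def assess(observations):
    """Group observations per device and judge whether it can be followed."""
    per_device = defaultdict(list)
    for session, label, address, tx_add in observations:
        per_device[label].append(
            (session, address.upper(), classify(address, tx_add)))

    report = {}
    for label, seen in per_device.items():
        sessions = {s for s, _, _ in seen}
        addresses = {a for _, a, _ in seen}
        kinds = {k for _, _, k in seen}
        fixed = kinds & FIXED_KINDS
        if fixed and kinds - FIXED_KINDS:
            # Privacy is in use, but a fixed address still shows up sometimes.
            verdict = "fixed address exposed despite private addresses"
        elif fixed:
            verdict = "trackable: fixed address only"
        elif len(addresses) < len(sessions):
            verdict = "trackable: private address reused across sessions"
        else:
            verdict = "rotating private addresses"
        report[label] = {
            "kinds": sorted(kinds),
            "distinct_addresses": len(addresses),
            "sessions": len(sessions),
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for device, result in sorted(assess(OBSERVATIONS).items()):
        print(device, result["distinct_addresses"], result["verdict"])
```

The constructed "watch-d" records mirror the pattern described for the Apple Watch: rotating private addresses in normal use, with a fixed address appearing in one later session.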
  • 5. Security Check 2016: Seven Fitness Wristbands and the Apple Watch. 
  • 6. Fitness wristbands in a security check: Also in this year's test round, some fitness wristbands present a high safety risk. The Apple Watch is missing in the lineup, as it was evaluated separately due to the test differences compared to Android.

Test environment: The fitness trackers were connected with the smartphone, the manufacturer apps were examined, attempts were made to fool them per test app, and the connections were monitored with a proxy.

  • 7. Pebble Time: This fitness wristband earned the fewest risk points in the test – which translates to high security (photo: Pebble).

Microsoft Band 2: Although the Band operates in the Android world, Microsoft makes its use quite secure (photo: Microsoft).

  • 8. Striiv Fusion: With 8 out of 10 risk points, the fitness wristband can be classified as unsafe (photo: Striiv).

Copyright © 2015 by AV-TEST GmbH, Klewitzstr. 7, 39112 Magdeburg, Germany
Phone +49 (0) 391 60754-60, Fax +49 (0) 391 60754-69, www.av-test.org