A Case Study on Vulnerability Analysis and Firmware Modification Attack for a Wearable Fitness Tracker

Minkyu Park2 and Sangchul Han2+

1Dept. of Computer Science and Engineering, Dankook University, Yongin-si, Gyeonggi-do 16890, South Korea
{tlawodn94, limkh120, snorlax, sjcho}@dankook.ac.kr

2Dept. of Computer Engineering, Konkuk University, Chungju-si, Chungcheongbuk-do 27478, South Korea
{minkyup, schan}@kku.ac.kr

Abstract

As wearable fitness trackers have been used to collect and analyze users' behaviors, such as vital signs and physical workouts in daily life, many studies have recently addressed the security and privacy issues of wearable fitness trackers. In this paper we focus specifically on (1) analysis, using reverse engineering, of vulnerabilities in the firmware of a fitness tracker, in a gateway (Android app) connected to the fitness tracker, and in the communication protocol between the fitness tracker and its genuine gateway, and (2) creation of a PC-based fake gateway by exploiting the vulnerabilities. Finally, we demonstrate a proof-of-concept firmware attack against a fitness tracker using the created fake gateway.

Keywords: Fitness Tracker, Vulnerability Analysis, Firmware Modification, Fake Gateway, Reverse Engineering

+: Corresponding author: Sangchul Han, Chungcheongbuk-do, 27478, Korea, Tel: +82-43-840-3605

IT Convergence Practice (INPRA), Vol. 5, No. 4, pp. 25-33, December 2017