Security Analysis of the Masimo MightySat: Data Leakage to a Nosy Neighbor

Date
2021-01-05
Authors
Long, Stephanie
Dill, Richard
Mullins, Barry
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Embedded technology known as the Internet of Things (IoT) has been integrated into everyday life, from the home, to the farm, industry, enterprise, the battlefield, and even for medical devices. With the increased use of networked devices comes an increased attack surface for malicious actors to gather and inject data, putting the privacy of users at risk. This research considers the Masimo MightySat fingertip pulse oximeter and the companion Masimo Professional Health app from a security standpoint, analyzing the Bluetooth Low Energy (BLE) communication from the device to the application and the data leakage between the two. It is found that with some analysis of a personally owned Masimo MightySat Rx through the use of an Ubertooth BLE traffic sniffer, static analysis of the HCI\_snoop.log and application data, and dynamic analysis of the app, data could be reasonably captured for another MightySat and interpret it to learn user health data.
Description
Keywords
Cellular and Wireless Networks, ble, bluetooth low energy, cybersecurity, internet of things, medical iot
Citation
Rights
Access Rights
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.