Cybersecurity Assessment of the Polar Bluetooth Low Energy Heart-rate Sensor

Simone Soderi

TL;DR

The paper addresses security weaknesses in BLE-enabled WBAN heart-rate sensors, focusing on MitM risks detectable through RSSI variations. It surveys BLE core specifications and security mechanisms, then analyzes vulnerabilities in BLE $4.1$ in a fitness scenario using a NIST/OWASP risk framework. An active MitM demonstration with BtleJuice shows how heart-rate data can be intercepted and modified, underscoring the insufficiency of Just Works pairing and lack of end-to-end protection. The work highlights practical implications for privacy and safety in wearable health devices and argues for stronger pairing, end-to-end security, and anomaly detection to mitigate real-world attacks.

Abstract

Wireless communications among wearable and implantable devices implement the information exchange around the human body. Wireless body area network (WBAN) technology enables non-invasive applications in our daily lives. Wireless connected devices improve the quality of many services, and they make procedures easier. On the other hand, they open up large attack surfaces and introduce potential security vulnerabilities. Bluetooth low energy (BLE) is a low-power protocol widely used in wireless personal area networks (WPANs). This paper analyzes the security vulnerabilities of a BLE heart-rate sensor. By observing the received signal strength indicator (RSSI) variations, it is possible to detect anomalies in the BLE connection. The case study shows that an attacker can easily intercept and manipulate the data transmitted between the mobile app and the BLE device. With this research, the author aims to raise awareness about the security of the heart-rate information that we can receive from our wireless body sensors.

Paper Structure (9 sections, 1 equation, 7 figures, 8 tables)

This paper contains 9 sections, 1 equation, 7 figures, 8 tables.

Figures (7)

  • Figure 1: Architecture of BLE.
  • Figure 2: BLE connection flow.
  • Figure 3: WBAN fitness scenario.
  • Figure 4: WBAN fitness interfaces representation with SysML.
  • Figure 5: Active MitM architecture for BLE fitness scenario.
  • ...and 2 more figures