ABSTRACT
This paper introduces a method to capture network traffic from medical IoT devices and automatically detect cleartext information that may reveal sensitive medical conditions and behaviors. The research follows a three-step approach involving traffic collection, cleartext detection, and metadata analysis. We analyze four popular consumer medical IoT devices, including one smart medical device that leaks sensitive health information in cleartext. We also present a traffic capture and analysis system that seamlessly integrates with a home network and offers a user-friendly interface for consumers to monitor and visualize data transmissions of IoT devices in their homes.
- Noah Apthorpe. 2016. A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic Workshop on Data and Algorithmic Transparency.Google Scholar
- United States Census Bureau. 2003. Frequently Occurring Surnames from the Census 2000. (2003). https://www.census.gov/topics/population/genealogy/data/2000_surnames.htmlGoogle Scholar
- Seunghun Cha and Hyoungshick Kim. 2017. Detecting encrypted traffic: a machine learning approach. Vol. 10144. Springer, Cham. Information Security Applications.Google Scholar
- Federal Trade Commission. 2016. Internet of Things: Privacy & Security in a Connected World FTC Staff Report.Google Scholar
- Bogdan et al Copos. 2016. Is Anybody Home? Inferring Activity From Smart Home Network Traffic IEEE Security and Privacy Workshops.Google Scholar
- Dimiter Dimitrov. 2016. Medical Internet of Things and Big Data in Healthcare. Healthc Inform Res, Vol. 3, 22 (7 2016), 156--163.Google ScholarCross Ref
- Nick Feamster. 2016. Who Will Secure the Internet of Things? https://freedom-to-tinker.com/2016/01/19/who-will-secure-the-internet-of-things/. (2016).Google Scholar
- Grance Tim McCallister, Erika and Karen Scarfone. 2010. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). Special Publication, Vol. 122, 800 (4 2010), 2.Google Scholar
- Brian Mosley. 2017. NSF Funded IoT Security Research Excites at the 2017 CNSF Exhibition. http://cra.org/govaffairs/blog/2017/05/2017-cnsf-exhibition/. (2017).Google Scholar
- United States Department of Health and Human Services Office for Civil Rights. n.d.. Summary of the HIPAA Privacy Rule. ( n.d.). https://www.hhs.gov/hipaa/for-professionals/privacy/index.htmlGoogle Scholar
- United States Department of Health and Human Services Office for Civil Rights. n.d.. Summary of the HIPAA Security Rule. ( n.d.). https://www.hhs.gov/hipaa/for-professionals/security/index.htmlGoogle Scholar
- Rothenberg, Mikel A. Sell, Rebecca and Charles F. Chapman, 2012. Dictionary of Medical Terms. Vol. Vol. 6. Barron's Educational Series.Google Scholar
- Vijay et al Srinivasan. 2008. Protecting your daily in-home activity information from a wireless snooping attack Proceedings of the 10th international conference on Ubiquitous computing. ACM, New York, 202--211.Google Scholar
Index Terms
- Cleartext Data Transmissions in Consumer IoT Medical Devices
Recommendations
Systematically Evaluating Security and Privacy for Consumer IoT Devices
IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and PrivacyInternet-of-Things (IoT) devices such as smart bulbs, cameras, and health monitors are being enthusiastically adopted by consumers, with numbers projected to rise to the billions. However, such devices are also easily attacked, or used for launching ...
Personalized Health Monitoring System for Managing Well-Being in Rural Areas
Rural India lacks easy access to health practitioners and medical centers, depending instead on community health workers. In these areas, common ailments that are easy to manage with medicines, often lead to medical escalations and even fatalities due ...
Wireless networks, physician handhelds use, and medical devices in U.S. hospitals
WH '15: Proceedings of the conference on Wireless HealthAs wireless technologies such as smartphones, tablets, and other handheld devices continue to permeate into every aspect of everyday life, hospitals have attempted to integrate them into the clinical workflow. Similarly, wireless sensor devices are ...
Comments