Abstract
Mobile sensor devices have made a great leap in terms of popularity and proliferation amongst the public in recent years, being used for a wide variety of lifestyle, fitness and health applications. This makes them very attractive for scientists and users who are interested in the actual bio and environmental data these devices measure, what they are capable of and their limitations. However manufacturers like to limit access to such data, storing it on their own private servers, only giving customers access to the results of their often very specific and limited analyses. The underlying filtering methods, algorithms and training sets are virtually never disclosed. Mobile sensor devices use various Bluetooth-protocols like RFCOMM and GATT to transfer data onto a smartphone or tablet. And there is the crux of the matter: Hardly any of the manufacturers encrypt their connection, because that would take precious processing and battery power as well as more resources in development. This paper describes how to access raw bio-data on a selection of wearable and stationary sensor devices using nothing but a contemporary Android-smartphone and a PC. A detailed example of how to access such a device is given. In empirical tests three out of four devices showed a total lack of effective security measures. From the combined experience of accessing several mobile sensor devices a generalized approach was formulated. Finally a shortlist of simple methods that should prevent abusive exploits is given in the hope that future devices will show improved data security in particular for health-relevant applications that deal with sensitive information.
