BreakMI Paper and Repo
I am glad to share that our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem is publicly available here. In this work, we reverse-engineer, exploit, and fix the proprietary security protocols used by Xiaomi to secure the Bluetooth Low Energy communication between its trackers and smartphone applications. We also release BreakMi, a tool to reproduce our findings and perform further analyses on Xiaomi’s Fitness tracking ecosystem. We also evaluated BreakMi on the Fitbit ecosystem and found that most of the vulnerabilities and attacks presented for Xiaomi are portable with minor adjustments to the Fitbit ecosystem.
I’m particularly proud of this paper as its main author is Marco Casagrande, my first PhD student. Congratulations, Marco, for the hard/novel/relevant work and thanks to the co-authors Eleonora Losiouk, Mauro Conti, and Mathias Payer!
We will present the paper in September at CHES 2022.