Posts

Our talk titled BreakMi: Reversing, Exploiting and Fixing Xiaomi (and Fitbit) Fitness Tracking Ecosystems has been accepted at Hardwear.io USA'23. The talk extends and complements our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem. The talk covers new relevant and educational aspect about our study that we did not have time to talk about during the paper presentation at CHES'22. For instance we will cover in detail:

Marco Casagrande presented his excellent poster about BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem during EURECOM’s Scientific Council (SC).

The call for papers for 2023 ACM Cyber-Physical System Security Workshop (CPSS) is open. The workshop is held in conjunction with ACM AsiaCCS'23 in Melbourne, Australia. For more information see the CPSS website and its call for papers.

We presented our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem at CHES 2022 in the hardware security track.

Here is the excellent presentation given by Marco Casagrande. You can also check out the presentation slides and the BreakMi repository to reproduce our findings (with the help of video tutorials nicely prepared by Marco).

I’m glad to share three updates about the BLURtooth paper.

We successfully tested the BLUR attacks on a Google Pixel 6 (Bluetooth 5.2) and submitted our findings to Google. They classified the report with high severity, assigned CVE-2022-20361, and shipped fixes as part of August’s Android Security bulletin. More details about the fixes can be found here. This is yet another finding demonstrating that the attacks are effective on all Bluetooth versions supporting CTKD unlike stated in this note from the Bluetooth SIG .

Below you can find a webinar that I’ve recorded for the Automotive Security Research Group (ASRG) talking about our recent paper titled On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats.

The webinar will also be linked for WOOT'22 as the talk I gave at the workshop was not recorded because of some issues.

I am glad to share that our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem is publicly available here. In this work, we reverse-engineer, exploit, and fix the proprietary security protocols used by Xiaomi to secure the Bluetooth Low Energy communication between its trackers and smartphone applications. We also release BreakMi, a tool to reproduce our findings and perform further analyses on Xiaomi’s Fitness tracking ecosystem. We also evaluated BreakMi on the Fitbit ecosystem and found that most of the vulnerabilities and attacks presented for Xiaomi are portable with minor adjustments to the Fitbit ecosystem.

The Journal of Systems Research (JSys) is a new journal with diamond-access publication model; that is, papers are free to read, submit, review, and publish. Its design borrows heavily from similar journals recently created in the databases, security, and crypto communities.

URL: https://www.ieee-security.org/TC/SP2022/WOOT22/index.html Submission: https://woot22.secpriv.tuwien.ac.at/woot22/paper/new

Overview

The Workshop on Offensive Technologies (WOOT) aims to present a broad picture of offense and its contributions, bringing together researchers and practitioners across all areas of computer security. Offensive security has changed from a hobby to an industry. No longer an exercise for isolated enthusiasts, offensive security is today a large-scale operation managed by organized, capitalized actors. Meanwhile, the landscape has shifted: software used by millions is built by startups less than a year old, delivered on mobile phones and surveilled by national signals intelligence agencies. In the field’s infancy, offensive security research was conducted separately by industry, independent hackers, or in academia. Collaboration between these groups was difficult. Since 2007, the Workshop on Offensive Technologies (WOOT) has been bringing those communities together.