Breakmi

Our talk titled BreakMi: Reversing, Exploiting and Fixing Xiaomi (and Fitbit) Fitness Tracking Ecosystems has been accepted at Hardwear.io USA'23. The talk extends and complements our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem. The talk covers new relevant and educational aspect about our study that we did not have time to talk about during the paper presentation at CHES'22. For instance we will cover in detail:

Marco Casagrande presented his excellent poster about BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem during EURECOM’s Scientific Council (SC).

We presented our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem at CHES 2022 in the hardware security track.

Here is the excellent presentation given by Marco Casagrande. You can also check out the presentation slides and the BreakMi repository to reproduce our findings (with the help of video tutorials nicely prepared by Marco).

I am glad to share that our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem is publicly available here. In this work, we reverse-engineer, exploit, and fix the proprietary security protocols used by Xiaomi to secure the Bluetooth Low Energy communication between its trackers and smartphone applications. We also release BreakMi, a tool to reproduce our findings and perform further analyses on Xiaomi’s Fitness tracking ecosystem. We also evaluated BreakMi on the Fitbit ecosystem and found that most of the vulnerabilities and attacks presented for Xiaomi are portable with minor adjustments to the Fitbit ecosystem.