We presented our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem at CHES 2022 in the hardware security track.
Here is the excellent presentation given by Marco Casagrande. You can also check out the presentation slides and the BreakMi repository to reproduce our findings (with the help of video tutorials nicely prepared by Marco).
I am glad to share that our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem is publicly available here. In this work, we reverse-engineer, exploit, and fix the proprietary security protocols used by Xiaomi to secure the Bluetooth Low Energy communication between its trackers and smartphone applications. We also release BreakMi, a tool to reproduce our findings and perform further analyses on Xiaomi’s Fitness tracking ecosystem. We also evaluated BreakMi on the Fitbit ecosystem and found that most of the vulnerabilities and attacks presented for Xiaomi are portable with minor adjustments to the Fitbit ecosystem.