DOI: 10.1145/3567445.3567457
research-article
Open access

I just wanted to track my steps! Blocking unwanted traffic of Fitbit devices

Published: 05 January 2023

Abstract

The recent advent of wearable fitness trackers has fueled concerns regarding the privacy they provide. In particular, previous works have indicated that the associated fitness apps may contact unexpected Internet destinations.
In this work we identify the third-party connections of the official mobile Fitbit application and its partners, and study whether they can be blocked without hindering the essential functionality of the devices. We show that disabling traffic to the domains contained in well-maintained blocklists does not prevent Fitbit trackers from correctly reporting activity data, including steps, workouts, duration and quality of sleep, etc. Moreover, we demonstrate that Fitbit activity data are correctly synchronized for 6 partner apps of Fitbit when utilizing the above blocking rules.
Our results suggest that more than of the third parties for the Fitbit-associated apps are contained in credible domain-based blocklists. Furthermore, we find that all studied apps contact between 1 and 20 non-required third parties. Finally, over of the blocked destinations are identified by the default installation of uBlock Origin, a universally used content filter (adblocker).
Unlike previous works on blocking unnecessary IoT communications, our methodology can be easily utilized by end-users.



    Published In

    IoT '22: Proceedings of the 12th International Conference on the Internet of Things
    November 2022
    259 pages

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. IoT
    2. privacy
    3. third parties
    4. traffic filtering
    5. wearables

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    IoT 2022

    Acceptance Rates

    Overall Acceptance Rate 28 of 84 submissions, 33%
