{"id":"https://openalex.org/W4282042624","doi":"https://doi.org/10.46586/tches.v2022.i3.330-366","title":"BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem","display_name":"BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem","publication_year":2022,"publication_date":"2022-06-08","ids":{"openalex":"https://openalex.org/W4282042624","doi":"https://doi.org/10.46586/tches.v2022.i3.330-366"},"language":"en","primary_location":{"id":"doi:10.46586/tches.v2022.i3.330-366","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i3.330-366","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9704/9234","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tches.iacr.org/index.php/TCHES/article/download/9704/9234","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086866874","display_name":"Marco Casagrande","orcid":null},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Marco Casagrande","raw_affiliation_strings":["EURECOM, Sophia Antipolis, France,","EURECOM, Sophia Antipolis, France"],"affiliations":[{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France,","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067504505","display_name":"Eleonora Losiouk","orcid":"https://orcid.org/0000-0002-2315-7823"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Eleonora Losiouk","raw_affiliation_strings":["University of Padua, Padua, Italy,","University of Padua, Padua, Italy"],"affiliations":[{"raw_affiliation_string":"University of Padua, Padua, Italy,","institution_ids":["https://openalex.org/I138689650"]},{"raw_affiliation_string":"University of Padua, Padua, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063847107","display_name":"Mauro Conti","orcid":"https://orcid.org/0000-0002-3612-1934"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Mauro Conti","raw_affiliation_strings":["University of Padua, Padua, Italy,","University of Padua, Padua, Italy"],"affiliations":[{"raw_affiliation_string":"University of Padua, Padua, Italy,","institution_ids":["https://openalex.org/I138689650"]},{"raw_affiliation_string":"University of Padua, Padua, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065116578","display_name":"Mathias Payer","orcid":"https://orcid.org/0000-0001-5054-7547"},"institutions":[{"id":"https://openalex.org/I5124864","display_name":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne","ror":"https://ror.org/02s376052","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I5124864"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Mathias Payer","raw_affiliation_strings":["EPFL, Lausanne, Switzerland,","EPFL, Lausanne, Switzerland"],"affiliations":[{"raw_affiliation_string":"EPFL, Lausanne, Switzerland,","institution_ids":["https://openalex.org/I5124864"]},{"raw_affiliation_string":"EPFL, Lausanne, Switzerland","institution_ids":["https://openalex.org/I5124864"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029738162","display_name":"Daniele Antonioli","orcid":"https://orcid.org/0000-0002-9342-3920"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Daniele Antonioli","raw_affiliation_strings":["EURECOM, Sophia Antipolis, France,","EURECOM, Sophia Antipolis, France"],"affiliations":[{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France,","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France","institution_ids":["https://openalex.org/I1902872"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5086866874"],"corresponding_institution_ids":["https://openalex.org/I1902872"],"apc_list":null,"apc_paid":null,"fwci":1.4274,"has_fulltext":true,"cited_by_count":10,"citation_normalized_percentile":{"value":0.82211619,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"330","last_page":"366"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12801","display_name":"Bluetooth and Wireless Communication Technologies","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12801","display_name":"Bluetooth and Wireless Communication Technologies","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9801999926567078,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9754999876022339,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6466885805130005},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5209413766860962},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.519305408000946},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.45995983481407166},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4250423014163971},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.39161065220832825},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13160961866378784}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6466885805130005},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5209413766860962},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.519305408000946},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.45995983481407166},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4250423014163971},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.39161065220832825},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13160961866378784}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.46586/tches.v2022.i3.330-366","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i3.330-366","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9704/9234","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:c8d3963d02d24842b6a3792af2d1deeb","is_oa":true,"landing_page_url":"https://doaj.org/article/c8d3963d02d24842b6a3792af2d1deeb","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Transactions on Cryptographic Hardware and Embedded Systems, Vol 2022, Iss 3 (2022)","raw_type":"article"},{"id":"pmh:oai:www.research.unipd.it:11577/3457658","is_oa":true,"landing_page_url":"https://hdl.handle.net/11577/3457658","pdf_url":null,"source":{"id":"https://openalex.org/S4377196283","display_name":"Research Padua  Archive (University of Padua)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I138689650","host_organization_name":"University of Padua","host_organization_lineage":["https://openalex.org/I138689650"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:zenodo.org:130591","is_oa":true,"landing_page_url":"https://www.openaccessrepository.it/record/130591","pdf_url":null,"source":{"id":"https://openalex.org/S4306402478","display_name":"INFM-OAR (INFN Catania)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210116497","host_organization_name":"Istituto Nazionale di Fisica Nucleare, Sezione di Catania","host_organization_lineage":["https://openalex.org/I4210116497"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"doi:10.46586/tches.v2022.i3.330-366","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i3.330-366","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9704/9234","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4779416514","display_name":"Code Sanitization for Vulnerability Pruning and Exploitation Mitigation","funder_award_id":"850868","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G4956428346","display_name":null,"funder_award_id":"Horizon 2020 research and innovatio","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G5005340534","display_name":null,"funder_award_id":"HR001119S0089-AMP-FP-034","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G5036817778","display_name":null,"funder_award_id":"European Union's Horizon 2020 research and innov","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G5399556803","display_name":null,"funder_award_id":"This project has received funding from the Europea","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8318064016","display_name":null,"funder_award_id":"Horizon","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8633428685","display_name":null,"funder_award_id":"European Union's Horizon 2020 research and innovat","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8819235867","display_name":"Assuring PRivacy for Internet COnnected Things","funder_award_id":"ANR-20-CYAL-0001","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"}],"funders":[{"id":"https://openalex.org/F4320313933","display_name":"Minist\u00e8re de l'Enseignement sup\u00e9rieur, de la Recherche et de l'Innovation","ror":null},{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la Recherche","ror":"https://ror.org/00rbzpz17"},{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4282042624.pdf","grobid_xml":"https://content.openalex.org/works/W4282042624.grobid-xml"},"referenced_works_count":31,"referenced_works":["https://openalex.org/W58703277","https://openalex.org/W2266573070","https://openalex.org/W2274307588","https://openalex.org/W2467636675","https://openalex.org/W2533383364","https://openalex.org/W2729486066","https://openalex.org/W2748719146","https://openalex.org/W2750047563","https://openalex.org/W2790176444","https://openalex.org/W2901978819","https://openalex.org/W2907134331","https://openalex.org/W2928007274","https://openalex.org/W2948543573","https://openalex.org/W2953178328","https://openalex.org/W2960944180","https://openalex.org/W2983028905","https://openalex.org/W3024421377","https://openalex.org/W3038161846","https://openalex.org/W3043128441","https://openalex.org/W3081908344","https://openalex.org/W3082009274","https://openalex.org/W3093690648","https://openalex.org/W3101986464","https://openalex.org/W3126077285","https://openalex.org/W3152941721","https://openalex.org/W3153757948","https://openalex.org/W3158714349","https://openalex.org/W3182366867","https://openalex.org/W3203120992","https://openalex.org/W4236313563","https://openalex.org/W4289702168"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W2114381667","https://openalex.org/W3048799479","https://openalex.org/W107495730","https://openalex.org/W2779961139","https://openalex.org/W3006507989","https://openalex.org/W4240241597","https://openalex.org/W2763500028","https://openalex.org/W4240288358"],"abstract_inverted_index":{"Xiaomi":[0,60,111,118,147,181,204,240,245],"is":[1],"the":[2,6,23,40,132,185,218,268],"leading":[3],"company":[4],"in":[5,19,127],"fitness":[7,14,63,148,182],"tracking":[8,15,64],"industry.":[9],"Successful":[10],"attacks":[11,141,164,186],"on":[12,158,173],"its":[13,62],"ecosystem":[16,65],"would":[17],"result":[18],"severe":[20,92],"consequences,":[21],"including":[22,98],"loss":[24],"of":[25],"sensitive":[26,200],"health":[27],"and":[28,52,87,100,116,123,150,156,178,198,206,213,236,248],"personal":[29],"data.":[30],"Despite":[31],"these":[32],"relevant":[33],"risks,":[34],"we":[35,49,222,229],"know":[36],"very":[37],"little":[38],"about":[39],"security":[41,80,246],"mechanisms":[42,81],"adopted":[43],"by":[44,84,135,261],"Xiaomi.":[45],"In":[46,58],"this":[47],"work,":[48],"uncover":[50],"them":[51],"show":[53,126],"that":[54,228,255],"they":[55,108,192],"are":[56,105],"insecure.":[57],"particular,":[59],"protects":[61],"with":[66,267],"custom":[67],"application-layer":[68,241],"protocols":[69],"spoken":[70],"over":[71],"insecure":[72],"Bluetooth":[73],"Low-Energy":[74],"(BLE)":[75],"connections":[76],"(ignoring":[77],"standard":[78],"BLE":[79],"already":[82],"supported":[83],"their":[85,159],"devices)":[86],"TLS":[88],"connections.":[89],"We":[90,125,209,253,271],"identify":[91],"vulnerabilities":[93,134],"affecting":[94],"such":[95],"proprietary":[96,242],"protocols,":[97,243],"unilateral":[99],"replayable":[101],"authentication.":[102],"Those":[103],"issues":[104],"critical":[106],"as":[107,191],"affect":[109],"all":[110],"trackers":[112],"released":[113],"since":[114],"2016":[115],"up-to-date":[117],"companion":[119,151],"apps":[120],"for":[121],"Android":[122,168],"iOS.":[124],"practice":[128],"how":[129],"to":[130,143,170,196,216,231,264],"exploit":[131],"identified":[133],"presenting":[136],"six":[137],"impactful":[138],"attacks.":[139,237,252],"Four":[140],"enable":[142],"wirelessly":[144],"impersonate":[145,179],"any":[146,203],"tracker":[149,177,205],"app,":[152],"man-in-the-middle":[153],"(MitM)":[154],"them,":[155],"eavesdrop":[157,172],"communication.":[160],"The":[161],"other":[162],"two":[163],"leverage":[165],"a":[166,176,180,188,225],"malicious":[167],"application":[169],"remotely":[171],"data":[174,201],"from":[175,202],"app.":[183,208],"Overall,":[184],"have":[187],"high":[189],"impact":[190],"can":[193,258],"be":[194,259,265],"used":[195],"exfiltrate":[197],"inject":[199],"compatible":[207,266],"propose":[210],"five":[211],"practical":[212],"low-overhead":[214],"countermeasures":[215],"mitigate":[217],"presented":[219],"vulnerabilities.":[220],"Moreover,":[221],"present":[223],"breakmi,":[224],"modular":[226],"toolkit":[227,257],"developed":[230],"automate":[232],"our":[233,251,256],"reverse-engineering":[234],"process":[235],"breakmi":[238],"understands":[239],"reimplements":[244],"mechanisms,":[247],"automatically":[249],"performs":[250],"demonstrate":[254],"generalized":[260],"extending":[262],"it":[263],"Fitbit":[269],"ecosystem.":[270],"will":[272],"open-source":[273],"breakmi.":[274]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}