{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:23:10Z","timestamp":1772119390851,"version":"3.50.1"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T00:00:00Z","timestamp":1723766400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T00:00:00Z","timestamp":1723766400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"crossref","award":["EP\/S035362\/1"],"award-info":[{"award-number":["EP\/S035362\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"crossref","award":["EP\/S035362\/1"],"award-info":[{"award-number":["EP\/S035362\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2024,12]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The number of digital health products is increasing faster than ever. These technologies (e.g. mobile apps and connected devices) collect massive amounts of data about their users, including health, medical, sex life, and other intimate data. In this paper, we study a set of 21 Internet of Things (IoT) devices advertised for general and intimate health purposes of female bodies (aka female-oriented technologies or FemTech). We focus on the security of the Bluetooth connection and communications between the IoT device and the mobile app. Our results highlight serious security issues in the current off-the-shelf FemTech devices. These include unencrypted Bluetooth traffic, unknown Bluetooth services and insecure Bluetooth authentication when connecting to the app. We implement Bluetooth attacks on the communication between these devices and apps, resulting in malfunctioning of the device and app. We discuss our results and provide recommendations for different stakeholders to improve the security practices of Bluetooth-enabled IoT devices in such a sensitive and intimate domain.<\/jats:p>","DOI":"10.1007\/s10207-024-00883-3","type":"journal-article","created":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T14:01:57Z","timestamp":1723816917000},"page":"3547-3567","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Bluetooth security analysis of general and intimate health IoT devices and apps: the case of FemTech"],"prefix":"10.1007","volume":"23","author":[{"given":"Stephen","family":"Cook","sequence":"first","affiliation":[]},{"given":"Maryam","family":"Mehrnezhad","sequence":"additional","affiliation":[]},{"given":"Ehsan","family":"Toreini","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,8,16]]},"reference":[{"key":"883_CR1","unstructured":"Almeida, T., Mehrnezhad, M., Cook, S.: The importance of collective privacy in digital sexual and reproductive health. In: 17th Annual UK Fertility Conference, and The Human Fertility Journal, (2023)"},{"key":"883_CR2","doi-asserted-by":"crossref","unstructured":"Almeida, T., Shipp, L., Mehrnezhad, M., Toreini, E.: Bodies like yours: enquiring data privacy in FemTech. In NordiCHI Adjunct \u201922: Adjunct Proceedings of the 2022 Nordic Human-Computer Interaction Conference. ACM (2022)","DOI":"10.1145\/3547522.3547674"},{"key":"883_CR3","doi-asserted-by":"crossref","unstructured":"Brauer, S., Zubow, A., Zehl, S., Roshandel, M., Mashhadi-Sohi, S.: On Practical selective jamming of bluetooth low energy advertising. In 2016 IEEE Conference on Standards for Communications and Networking (CSCN) (2016)","DOI":"10.1109\/CSCN.2016.7785169"},{"key":"883_CR4","doi-asserted-by":"crossref","unstructured":"Brown, E.: Supercharged sexism: the triple threat of workplace monitoring for women. Available at SSRN 3680861 (2020)","DOI":"10.2139\/ssrn.3680861"},{"key":"883_CR5","unstructured":"Brown, E.: The FemTech paradox: how workplace monitoring threatens women\u2019s equity. Jurimetrics (2021)"},{"key":"883_CR6","doi-asserted-by":"publisher","first-page":"108712","DOI":"10.1016\/j.comnet.2021.108712","volume":"205","author":"M C\u00e4sar","year":"2022","unstructured":"C\u00e4sar, M., Pawelke, T., Steffan, J., Terhorst, G.: A survey on bluetooth low energy security and privacy. Comput. Netw. 205, 108712 (2022)","journal-title":"Comput. Netw."},{"key":"883_CR7","doi-asserted-by":"crossref","unstructured":"Cayre, R., Galtier, F., Auriol, G., Nicomette, V., Ka\u00e2niche, M., Marconato, G.: InjectaBLE: injecting malicious traffic into established bluetooth low energy connections. In IFIP International Conference on Dependable Systems and Networks (DSN). IEEE (2021)","DOI":"10.1109\/DSN48987.2021.00050"},{"key":"883_CR8","unstructured":"Coble, S.: Cyber-Attack on Fertility Centers of Illinois. (2022). https:\/\/www.infosecurity-magazine.com\/news\/cyberattack-on-fertility-centers\/"},{"issue":"2","key":"883_CR9","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1109\/TTS.2022.3160928","volume":"3","author":"J Erickson","year":"2022","unstructured":"Erickson, J., Yuzon, J.Y., Bonaci, T.: What you do not expect when you are expecting: privacy analysis of Femtech. IEEE Trans. Technol. Soc. 3(2), 121\u2013131 (2022)","journal-title":"IEEE Trans. Technol. Soc."},{"key":"883_CR10","unstructured":"Khayamian Esfahani, B., Bause, M., Schaefer, D.: Health 4.0: how digitisation drives innovation in the healthcare sector. (2019)"},{"key":"883_CR11","unstructured":"Bluetooth Special\u00a0Interest Group.: Core Specification. (2021). https:\/\/www.bluetooth.com\/specifications\/specs\/core-specification-5-3\/"},{"key":"883_CR12","unstructured":"Bluetooth Special\u00a0Interest Group.: Bluetooth Security. (2023). https:\/\/www.bluetooth.com\/learn-about-bluetooth\/key-attributes\/bluetooth-security\/"},{"key":"883_CR13","unstructured":"Gullberg, P.: Denial of service attack on bluetooth low energy, denial of service attack on bluetooth low energy (2016)"},{"key":"883_CR14","volume-title":"Bluetooth Low Energy the Developers Handbook","author":"R Heydon","year":"2012","unstructured":"Heydon, R.: Bluetooth Low Energy the Developers Handbook. Pearson, London (2012)"},{"key":"883_CR15","doi-asserted-by":"publisher","first-page":"108953","DOI":"10.1016\/j.comnet.2022.108953","volume":"211","author":"A Lacava","year":"2022","unstructured":"Lacava, A., Zottola, V., Bonaldo, A., Cuomo, F., Basagni, S.: Securing bluetooth low energy networking: an overview of security procedures and threats. Comput. Netw. 211, 108953 (2022)","journal-title":"Comput. Netw."},{"key":"883_CR16","doi-asserted-by":"crossref","unstructured":"Lerner, A., He, H.Y., Kawakami, A., Zeamer, S.C., Hoyle, R.: Privacy and activism in the transgender community. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (2020)","DOI":"10.1145\/3313831.3376339"},{"key":"883_CR17","doi-asserted-by":"crossref","unstructured":"Lounis, K., Zulkernine, M.: Bluetooth low energy makes \u201cjust works\u201d not work. In 2019 3rd Cyber Security in Networking Conference (CSNet). IEEE (2019)","DOI":"10.1109\/CSNet47905.2019.9108931"},{"key":"883_CR18","unstructured":"Madhur, B.: Bluetooth low energy versus bluetooth classic. (2017)"},{"key":"883_CR19","unstructured":"Maxwell, Y.: FDA warns of cybersecurity holes in certain cardiac devices and monitoring system. (2017) https:\/\/www.tctmd.com\/news\/fda-warns-cybersecurity-holes-certain-cardiac-devices-and-monitoring-system"},{"issue":"4","key":"883_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3589960","volume":"30","author":"N Mcdonald","year":"2023","unstructured":"Mcdonald, N., Andalibi, N.: I did watch \u2018the handmaid\u2019s tale\u2019: threat modeling privacy post-roe in the United States. ACM Trans. Comput. Hum. Interact. 30(4), 1\u201334 (2023)","journal-title":"ACM Trans. Comput. Hum. Interact."},{"key":"883_CR21","doi-asserted-by":"crossref","unstructured":"Mehrnezhad, M., Almeida, T.: Caring for Intimate Data in Fertility Technologies. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. ACM (2021)","DOI":"10.1145\/3411764.3445132"},{"key":"883_CR22","doi-asserted-by":"crossref","unstructured":"Mehrnezhad, M., Almeida, T.: My sex-related data is more sensitive than my financial data and I want the same level of security and privacy: user risk perceptions and protective actions in female-oriented technologies. In European Symposium on Usable Security and Privacy (EuroUSEC) (2023)","DOI":"10.1145\/3617072.3617100"},{"issue":"2022","key":"883_CR23","doi-asserted-by":"publisher","first-page":"105","DOI":"10.2478\/popets-2022-0006","volume":"1","author":"M Mehrnezhad","year":"2022","unstructured":"Mehrnezhad, M., Coopamootoo, K., Toreini, E.: How can and would people protect from online tracking? Proc. Privacy Enhanc. Technol. 1(2022), 105\u2013125 (2022)","journal-title":"Proc. Privacy Enhanc. Technol."},{"key":"883_CR24","doi-asserted-by":"crossref","unstructured":"Mehrnezhad, M., Shipp, L., Almeida, T., Toreini, E.: Vision: too little too late? Do the risks of FemTech already outweigh the benefits?. In Proceedings of the 2022 European Symposium on Usable Security. ACM (2022b)","DOI":"10.1145\/3549015.3554204"},{"issue":"2024","key":"883_CR25","doi-asserted-by":"publisher","first-page":"1296599","DOI":"10.3389\/friot.2024.1296599","volume":"3","author":"M Mehrnezhad","year":"2024","unstructured":"Mehrnezhad, M., Van Der Merwe, T., Catt, M.: Mind the FemTech gap: regulation failings and exploitative systems. Front. Intern. Things 3(2024), 1296599 (2024)","journal-title":"Front. Intern. Things"},{"key":"883_CR26","doi-asserted-by":"crossref","unstructured":"Moniz, D.P., Mehrnezhad, M., Almeida, T.: Intimate data: exploring perceptions of privacy and privacy-seeking behaviors through the story completion method. In Proceedings of the 19th International Conference INTERACT 2023. Springer LNCS (2023)","DOI":"10.1007\/978-3-031-42286-7_30"},{"key":"883_CR27","unstructured":"Mozilla.: It\u2019s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy. (2023) https:\/\/foundation.mozilla.org\/en\/privacynotincluded\/articles\/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy\/"},{"key":"883_CR28","unstructured":"National Audit\u00a0Office (NAO).: Investigation: WannaCry Cyber Attack and the NHS - NAO Report. (2017) https:\/\/www.nao.org.uk\/reports\/investigation-wannacry-cyber-attack-and-the-nhs\/"},{"key":"883_CR29","doi-asserted-by":"crossref","unstructured":"Neprash, H.T., McGlave, C.C., Cross, D.A., Virnig, B.A., Puskarich, M.A., Huling, J.D., Rozenshtein, A.Z., Nikpay, S.S.: Trends in ransomware attacks on US hospitals, clinics, and other health care delivery organizations, 2016\u20132021. In JAMA Health Forum, Vol.\u00a03, p. e224873. American Medical Association, (2022)","DOI":"10.1001\/jamahealthforum.2022.4873"},{"issue":"2","key":"883_CR30","first-page":"667","volume":"34","author":"T Rostow","year":"2017","unstructured":"Rostow, T.: What happens when an acquaintance buys your data: a new privacy harm in the age of data brokers note. Yale J. Regul. 34(2), 667\u2013708 (2017)","journal-title":"Yale J. Regul."},{"key":"883_CR31","doi-asserted-by":"crossref","unstructured":"Sehrawat, D. Gill, N.S.: Smart sensors: analysis of different types of IoT sensors. In 2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI). IEEE (2019)","DOI":"10.1109\/ICOEI.2019.8862778"},{"key":"883_CR32","doi-asserted-by":"crossref","unstructured":"Soderi, S.: Cybersecurity assessment of the polar bluetooth low energy heart-rate sensor. In: Mucchi, Lorenzo, H\u00e4m\u00e4l\u00e4inen, Matti, Jayousi, Sara, Morosi, Simone (eds.) Body Area Networks: Smart IoT and Big Data for Intelligent Health Management. Springer International Publishing, Heidelberg (2019)","DOI":"10.1007\/978-3-030-34833-5_20"},{"key":"883_CR33","unstructured":"Seri, B., Vishnepolsky, G.: The dangers of bluetooth implementations: unveiling zero day vulnerabilities and security flaws in modern bluetooth stacks. Armis Secur. (2023)"},{"key":"883_CR34","unstructured":"Statista. Femtech market size worldwide from 2021 to 2030. (2023). https:\/\/www.statista.com\/statistics\/1333181\/global-femtech-market-size\/"},{"key":"883_CR35","unstructured":"Stiller, B., Schiller, E., Schmitt, C., Ziegler, S., James, M.: An overview of network communication technologies for IoT (2021)"},{"key":"883_CR36","unstructured":"The Social Engineering framework.: Information Brokers (2020)"},{"key":"883_CR37","doi-asserted-by":"crossref","unstructured":"Toreini, E., Mehrnezhad, M., van Moorsel, A.: Verifiable fairness: privacy\u2013preserving computation of fairness for machine learning systems. In: European symposium on research in computer security (pp. 569\u2013584). Cham: Springer Nature Switzerland (2023)","DOI":"10.1007\/978-3-031-54129-2_34"},{"key":"883_CR38","doi-asserted-by":"crossref","unstructured":"Toreini, E., Mehrnezhad, M., van Moorsel, A.: Fairness as a Service (FaaS): verifiable and privacy-preserving fairness auditing of machine learning systems. Int J Inf Secur. 23(2), 981\u2013997 (2024)","DOI":"10.1007\/s10207-023-00774-z"},{"key":"883_CR39","unstructured":"Townsend, K.: Introduction to Bluetooth Low Energy. (2014). https:\/\/learn.adafruit.com\/introduction-to-bluetooth-low-energy\/gatt"},{"key":"883_CR40","doi-asserted-by":"crossref","unstructured":"Uher, J., Mennecke, R.G., Farroha, B.S.: Denial of sleep attacks in bluetooth low energy wireless sensor networks. In MILCOM 2016 - 2016 IEEE Military Communications Conference (2016)","DOI":"10.1109\/MILCOM.2016.7795499"},{"key":"883_CR41","doi-asserted-by":"crossref","unstructured":"Wu, F., Qiu, C., Wu, T., Yuce, M.R.: Edge-based hybrid system implementation for long-range safety and healthcare IoT applications. IEEE Intern. Things J. 8(12), 9970\u20139980 (2021)","DOI":"10.1109\/JIOT.2021.3050445"},{"key":"883_CR42","doi-asserted-by":"crossref","unstructured":"Zhang, T., Liu, M., Yuan, T., Al-Nabhan, N.: Emotion-Aware and Intelligent Internet of Medical Things Toward Emotion Recognition During COVID-19 Pandemic. (2021)","DOI":"10.1109\/JIOT.2020.3038631"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00883-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00883-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00883-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,11]],"date-time":"2024-10-11T21:04:09Z","timestamp":1728680649000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00883-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,16]]},"references-count":42,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2024,12]]}},"alternative-id":["883"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00883-3","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-3877210\/v1","asserted-by":"object"}]},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,8,16]]},"assertion":[{"value":"16 August 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no Conflict of interest to declare that are relevant to the content of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This research has been conducted with no human involvement in data collection. The project obtained ethical approval from the authors\u2018 institution.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}