{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,25]],"date-time":"2026-04-25T21:55:32Z","timestamp":1777154132200,"version":"3.51.4"},"reference-count":48,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2023,6,8]],"date-time":"2023-06-08T00:00:00Z","timestamp":1686182400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Wearable devices are starting to gain popularity, which means that a large portion of the population is starting to acquire these products. This kind of technology comes with a lot of advantages, as it simplifies different tasks people do daily. However, as they recollect sensitive data, they are starting to be targets for cybercriminals. The number of attacks on wearable devices forces manufacturers to improve the security of these devices to protect them. Many vulnerabilities have appeared in communication protocols, specifically Bluetooth. We focus on understanding the Bluetooth protocol and what countermeasures have been applied during their updated versions to solve the most common security problems. We have performed a passive attack on six different smartwatches to discover their vulnerabilities during the pairing process. Furthermore, we have developed a proposal of requirements needed for maximum security of wearable devices, as well as the minimum requirements needed to have a secure pairing process between two devices via Bluetooth.<\/jats:p>","DOI":"10.3390\/s23125438","type":"journal-article","created":{"date-parts":[[2023,6,9]],"date-time":"2023-06-09T02:03:18Z","timestamp":1686276198000},"page":"5438","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["Cybersecurity Analysis of Wearable Devices: Smartwatches Passive Attack"],"prefix":"10.3390","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2419-8379","authenticated-orcid":false,"given":"Alejandra Guadalupe","family":"Silva-Trujillo","sequence":"first","affiliation":[{"name":"Facultad de Ingenier\u00eda, Universidad Aut\u00f3noma de San Luis Potos\u00ed (UASLP), Zona Universitaria, San Luis Potos\u00ed 78290, Mexico"},{"name":"Facultad de Inform\u00e1tica, Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), 28040 Madrid, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4001-5026","authenticated-orcid":false,"given":"Mauricio Jacobo","family":"Gonz\u00e1lez Gonz\u00e1lez","sequence":"additional","affiliation":[{"name":"Facultad de Ingenier\u00eda, Universidad Aut\u00f3noma de San Luis Potos\u00ed (UASLP), Zona Universitaria, San Luis Potos\u00ed 78290, Mexico"},{"name":"Instituto Tecnol\u00f3gico de Estudios Superiores de Monterrey, Escuela de Ingenier\u00eda y Ciencias, Departamento de Computaci\u00f3n, Campus Puebla, Puebla 72453, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1599-3055","authenticated-orcid":false,"given":"Luis Pablo","family":"Rocha P\u00e9rez","sequence":"additional","affiliation":[{"name":"Facultad de Ingenier\u00eda, Universidad Aut\u00f3noma de San Luis Potos\u00ed (UASLP), Zona Universitaria, San Luis Potos\u00ed 78290, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7573-6272","authenticated-orcid":false,"given":"Luis Javier","family":"Garc\u00eda Villalba","sequence":"additional","affiliation":[{"name":"Facultad de Inform\u00e1tica, Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), 28040 Madrid, Spain"}]}],"member":"1968","published-online":{"date-parts":[[2023,6,8]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"101728","DOI":"10.1016\/j.scs.2019.101728","article-title":"Internet of Things: Evolution and technologies from a security perspective","volume":"54","author":"Ande","year":"2020","journal-title":"Sustain. Cities Soc."},{"key":"ref_2","unstructured":"Vailshery, L.S. (2021). IoT and non-IoT connections worldwide 2010\u20132025. Stat. March, Available online: https:\/\/www.statista.com\/statistics\/1101442\/iot-number-of-connected-devices-worldwide\/."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Alrashdi, I., Alqazzaz, A., Aloufi, E., Alharthi, R., Zohdy, M.A., and Hua, M. (2019, January 7\u20139). AD-IoT: Anomaly Detection of IoT Cyberattacks in Smart City Using Machine Learning. Proceedings of the 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC.2019.8666450"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Zubair, M., Ghubaish, A., Unal, D., Al-Ali, A., Reimann, T., Alinier, G., Hammoudeh, M., and Qadir, J. (2022). Secure Bluetooth Communication in Smart Healthcare Systems: A Novel Community Dataset and Intrusion Detection System. Sensors, 22.","DOI":"10.3390\/s22218280"},{"key":"ref_5","unstructured":"Tziampazis, C. (2019). Exposure Assessment on Medical Devices in the Netherlands. [Bachelor\u2019s Thesis, University of Twente]."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"e2","DOI":"10.4108\/eai.13-7-2018.155079","article-title":"Security and privacy issues with IoT in healthcare","volume":"4","author":"Chacko","year":"2018","journal-title":"Eai Endorsed Trans. Pervasive Health Technol."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Jeng, M.Y., Yeh, T.M., and Pai, F.Y. (2022). A Performance Evaluation Matrix for Measuring the Life Satisfaction of Older Adults Using eHealth Wearables. Healthcare, 10.","DOI":"10.3390\/healthcare10040605"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Ibrahim, M., Alsheikh, A., and Matar, A. (2020). Attack graph modeling for implantable pacemaker. Biosensors, 10.","DOI":"10.3390\/bios10020014"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1229","DOI":"10.12785\/ijcds\/0906020","article-title":"Cyber-attacks on medical implants: A case study of Cardiac Pacemaker vulnerability","volume":"9","author":"Rehman","year":"2020","journal-title":"Int. J. Comput. Digit. Syst."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1145\/3524107","article-title":"Deploying Decentralized, Privacy-Preserving Proximity Tracing","volume":"65","author":"Troncoso","year":"2022","journal-title":"Commun. ACM"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Shah, Y., and Sengupta, S. (2020, January 28\u201331). A survey on Classification of Cyber-attacks on IoT and IIoT devices. Proceedings of the 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York, NY, USA.","DOI":"10.1109\/UEMCON51285.2020.9298138"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.dcan.2018.10.009","article-title":"Developing a platform to evaluate and assess the security of wearable devices","volume":"5","author":"Hale","year":"2019","journal-title":"Digit. Commun. Netw."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Rodr\u00edguez, E., Otero, B., and Canal, R. (2023). A Survey of Machine and Deep Learning Methods for Privacy Protection in the Internet of Things. Sensors, 23.","DOI":"10.3390\/s23031252"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Bodin, W.K., Jaramillo, D., Marimekala, S.K., and Ganis, M. (2015, January 19\u201320). Security challenges and data implications by using smartwatch devices in the enterprise. Proceedings of the 2015 12th International Conference & Expo on Emerging Technologies for a Smarter World (CEWIT), Melville, NY, USA.","DOI":"10.1109\/CEWIT.2015.7338164"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Ioannidou, I., and Sklavos, N. (2021). On General Data Protection Regulation Vulnerabilities and Privacy Issues, for Wearable Devices and Fitness Tracking Applications. Cryptography, 5.","DOI":"10.3390\/cryptography5040029"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1016\/j.cvdhj.2020.06.004","article-title":"When smartwatches contribute to health anxiety in patients with atrial fibrillation","volume":"1","author":"Rosman","year":"2020","journal-title":"Cardiovasc. Digit. Health J."},{"key":"ref_17","unstructured":"Rich, E., Miah, A., Lupton, D., and Lewis, S. (2020). Digital Health Generation? Young People\u2019s Use of \u2018Healthy Lifestyle\u2019 Technologies, University of Bath."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"e18286","DOI":"10.2196\/18286","article-title":"Young People\u2019s Use of Digital Health Technologies in the Global North: Narrative Review","volume":"23","author":"Lupton","year":"2021","journal-title":"J. Med. Internet. Res."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1080\/14461242.2016.1196599","article-title":"Are we fit yet? English adolescent girls\u2019 experiences of health and fitness apps","volume":"26","author":"Depper","year":"2017","journal-title":"Health Sociol. Rev."},{"key":"ref_20","first-page":"121","article-title":"Guide to Bluetooth security","volume":"800","author":"Padgette","year":"2017","journal-title":"Nist Spec. Publ."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Sadhu, P.K., Yanambaka, V.P., and Abdelgawad, A. (2022). Internet of Things: Security and Solutions Survey. Sensors, 22.","DOI":"10.3390\/s22197433"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"2573","DOI":"10.1109\/COMST.2017.2731979","article-title":"A survey of wearable devices and challenges","volume":"19","author":"Seneviratne","year":"2017","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"7295","DOI":"10.1109\/JIOT.2020.2984030","article-title":"Detecting Behavioral Change of IoT Devices Using Clustering-Based Network Traffic Modeling","volume":"7","author":"Sivanathan","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"678","DOI":"10.1109\/ACCESS.2015.2437951","article-title":"The internet of things for health care: A comprehensive survey","volume":"3","author":"Islam","year":"2015","journal-title":"IEEE Access"},{"key":"ref_25","first-page":"31","article-title":"Security challenges facing IoT layers and its protective measures","volume":"179","author":"Rao","year":"2018","journal-title":"Int. J. Comput. Appl."},{"key":"ref_26","first-page":"19","article-title":"Wearable technology devices security and privacy vulnerability analysis","volume":"8","author":"Ching","year":"2016","journal-title":"Int. J. Netw. Secur. Its Appl."},{"key":"ref_27","unstructured":"(2015). What could derail the wearables revolution?. Nature, 525, 22\u201324."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"442","DOI":"10.1016\/j.tcm.2019.10.010","article-title":"How useful is the smartwatch ECG?","volume":"30","author":"Isakadze","year":"2020","journal-title":"Trends Cardiovasc. Med."},{"key":"ref_29","unstructured":"Bakhshiyeva, A., and Berefelt, G. (2022). Eavesdropping Attacks on Modern-Day Connected Vehicles and Their Ramifications, KTH Royal Institute of Technology, School of Electrical Engineering and Computer Science."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Lee, M., Lee, K., Shim, J., Cho, S.j., and Choi, J. (2016, January 26\u201328). Security threat on wearable services: Empirical study using a commercial smartband. Proceedings of the 2016 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia), Seoul, Republic of Korea.","DOI":"10.1109\/ICCE-Asia.2016.7804766"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1109\/TMC.2015.2418774","article-title":"Secure Management of Low Power Fitness Trackers","volume":"15","author":"Rahman","year":"2016","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_32","first-page":"589","article-title":"A novel out-of-band biometrics authentication scheme for wearable devices","volume":"42","author":"Singh","year":"2020","journal-title":"Int. J. Comput. Appl."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"23","DOI":"10.37868\/sei.v3i1.124","article-title":"Survey of DoS\/DDoS attacks in IoT","volume":"3","author":"Khader","year":"2021","journal-title":"Sustain. Eng. Innov."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Lonzetta, A.M., Cope, P., Campbell, J., Mohd, B.J., and Hayajneh, T. (2018). Security vulnerabilities in Bluetooth technology as used in IoT. J. Sens. Actuator Netw., 7.","DOI":"10.3390\/jsan7030028"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Sun, D.Z., Sun, L., and Yang, Y. (2019). On secure simple pairing in Bluetooth standard v5. 0-part II: Privacy analysis and enhancement for low energy. Sensors, 19.","DOI":"10.3390\/s19153259"},{"key":"ref_36","first-page":"7","article-title":"A study on vulnerabilities and threats to wearable devices","volume":"7","author":"Blow","year":"2020","journal-title":"J. Colloq. Inf. Syst. Secur. Educ."},{"key":"ref_37","unstructured":"Garbelini, M.E., Wang, C., Chattopadhyay, S., Sun, S., and Kurniawan, E. (2020, January 15\u201317). Sweyntooth: Unleashing mayhem over Bluetooth Low Eenergy. Proceedings of the 2020 USENIX Conference on Usenix Annual Technical Conference, Boston, MA, USA."},{"key":"ref_38","unstructured":"Bada, M., and von Solms, B. (2023). The Fifth International Conference on Safety and Security with IoT, Springer."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Zhang, C., Shahriar, H., and Riad, A.K. (2020, January 13\u201317). Security and Privacy Analysis of Wearable Health Device. Proceedings of the 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), Madrid, Spain.","DOI":"10.1109\/COMPSAC48688.2020.00044"},{"key":"ref_40","unstructured":"Cyr, B., Horn, W., Miao, D., and Specter, M. (2014). Security analysis of wearable fitness devices (fitbit). Mass. Inst. Technol., Available online: https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2015\/03\/20082016\/17-cyrbritt-webbhorn-specter-dmiao-hacking-fitbit.pdf."},{"key":"ref_41","unstructured":"Cusack, B., Antony, B., Ward, G., and Mody, S. (2023, March 05). Assessment of Security Vulnerabilities in Wearable Devices, 2017. Available online: https:\/\/ro.ecu.edu.au\/ism\/207\/."},{"key":"ref_42","unstructured":"Ryan, M. (2013, January 13). Bluetooth: With low energy comes low security. Proceedings of the 7th USENIX Workshop on Offensive Technologies (WOOT 13), Washington, DC, USA."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Kurt Peker, Y., Bello, G., and Perez, A.J. (2022). On the Security of Bluetooth Low Energy in Two Consumer Wearable Heart Rate Monitors\/Sensing Devices. Sensors, 22.","DOI":"10.3390\/s22030988"},{"key":"ref_44","unstructured":"Al Kalaa, M.O., Balid, W., Bitar, N., and Refai, H.H. (2016, January 3\u20136). Evaluating Bluetooth Low Energy in realistic wireless environments. Proceedings of the 2016 IEEE Wireless Communications and Networking Conference, Doha, Qatar."},{"key":"ref_45","unstructured":"Hager, C.T., and MidKiff, S.F. (2003, January 16\u201320). An analysis of Bluetooth security vulnerabilities. Proceedings of the 2003 IEEE Wireless Communications and Networking, 2003. WCNC 2003, New Orleans, LA, USA."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"801","DOI":"10.5603\/CJ.2021.0140","article-title":"An Apple Watch a day keeps the doctor away?","volume":"28","author":"Basza","year":"2021","journal-title":"Cardiol. J."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1109\/OJCOMS.2022.3149732","article-title":"Security and privacy threats for bluetooth low energy in iot and wearable devices: A comprehensive survey","volume":"3","author":"Barua","year":"2022","journal-title":"IEEE Open J. Commun. Soc."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"5749","DOI":"10.1007\/s12652-019-01502-z","article-title":"Ble injection-free attack: A novel attack on bluetooth low energy devices","volume":"14","author":"Santos","year":"2019","journal-title":"J. Ambient. Intell. Humaniz. Comput."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/12\/5438\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T19:50:53Z","timestamp":1760125853000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/12\/5438"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,8]]},"references-count":48,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2023,6]]}},"alternative-id":["s23125438"],"URL":"https:\/\/doi.org\/10.3390\/s23125438","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,6,8]]}}}