The Rings of Tracking: Evaluating Security and Privacy in the Smart Ring Ecosystem
Published in Workshop on AI for Cyber Threat Intelligence (WAITI) 2024, 2024
Smart rings represent the next innovation in health-tracking devices, capable of monitoring fitness, health, and sleep data. However, these devices also introduce user risks due to the sensitive data they handle. Despite their growing popularity, limited scientific research exists on their security and privacy implications. This paper systematically analyzed five smart rings, covering a range of prices and release dates. A test suite of 29 cases was applied to assess the security of the smart ring, companion app, and cloud backend. Critical vulnerabilities were found, including cleartext communication of sensitive data, unauthenticated firmware updates, and privacy violations such as the lack of user consent. The findings highlight significant security and privacy risks in current devices, underscoring the need for CTI teams to integrate wearable devices into their threat models. Furthermore, we responsibly disclosed all identified vulnerabilities to the vendors.
The paper is available here:
Recommended citation: Ludwig, J., Moonsamy, V., Große-Kampmann, M. (2024 December). The Rings of Tracking: Evaluating Security and Privacy in the Smart Ring Ecosystem. In Proceedings of the Workshop on AI for Cyber Threat Intelligence (WAITI) 2024 - co-located with ACSAC 2024 (files/RingsofTracking.pdf)