Security and privacy vulnerabilities in IoT-enabled medical devices: Analyzing cleartext data leakage and metadata exposure

The Internet of Things (IoT) revolutionizes healthcare by integrating everyday medical devices into electronic health systems. While these devices offer convenience and improved patient care, they also raise serious privacy concerns. This article evaluates the security and privacy vulnerabilities of commercially available IoT medical devices, specifically analyzing data transmission from four popular devices: Withings Smart Blood Pressure Monitor, Withings Smart Scale, iHealth Ease Wireless Blood Pressure Monitor, and 1byOne Digital Smart Wireless Scale. Network traffic captured through a custom Wi-Fi access point setup reveals that multiple devices transmit sensitive health data in cleartext, even when utilizing encryption protocols like SSL/TLS. Additionally, metadata exposure allows adversaries to infer sensitive user behaviors and medical conditions. A user-friendly monitoring interface that visualizes data flows and alerts users of potential privacy risks is proposed. The evidence underscores the need for stricter security standards and increased transparency in developing medical IoT devices.