Withings BPM Connect Wi-Fi Smart Blood Pressure Monitor
From Wiki-IoT
Classification
| Withings BPM Connect Wi-Fi Smart Blood Pressure Monitor | |
|---|---|
| Classification | |
| Grade | A- |
| Calculator version | 1 |
| Classification date | 2022-02-14 |
| Information | |
| Name | Withings BPM Connect, Wi-Fi Smart Blood Pressure Monitor |
| Brand | Withings |
| Generation | |
| Model(s) | Connect |
| Release date | 2019-07-17 |
| Type/Category | Blood Pressure Monitor |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 5.99cm x 5.48cm x 15.49cm |
| Mass | 0.36kg |
| Operating system | IOS & Android |
| Companion App | Health Mate app |
| CPU | |
| GPU | |
| Memory | Up to 8 measurements on-device between synchronizations |
| Storage | Unlimited storage on Withings cloud |
| Battery | 1 Lithium ion batteries required. |
| Power | Rechargeable battery |
| Charging | Charge via micro-USB cable Battery life: up to 6 months |
| Display | LED matrix screen |
| Camera | none |
| Sound | none |
| Connectivity | Bluetooth ; Wi-Fi |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | None | [2] | no results searching for "withings" in the CVE database |
| Known vulnerabilities | None | https://www.fiercehealthcare.com/tech/hhs-cybersecurity-threat-log4j-attack http://cs.unb.ca/research-expo/expos/2018/submissions/20180403-14-12-rkaur1-at-unb.ca-security_vulnerabilities_in_e-health_devices.pdf | The Withings blood pressure device leaks its own identity in URLs, they found: any request from the device to its server, and any response from the server, included its brand. This is sufficient, the paper said, to tell an attacker that someone is using the monitor and how often they're taking their blood pressure. |
| Prior attacks | Very common | [3] | |
| Updatability | Very common | [4] | update tutorial of the withings blood pressure monitor |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Full | [5] | compatible with android and ios smartphones |
| Communications | Encrypted with obselete encryption | [] | threat related to the communication with its server, the communication (number of uses, time of the day) can be seen by an attacker. |
| Storage | Encrypted with up-to-date encryption | [] | |
| Category score | 2 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [6] | with mobile application |
| Authentication | Secure | [7] | with mobile application |
| Brute-force protection | Exist | [] | no information found. |
| Event logging | Access event logged | [8] | communication with a server. |
| Passwords | Require change after setup with complexity requirements | [9] | |
| Category score | 1 | ||
| Grade | A- |
|---|
