Smart Rings, Smarter Threats: The BLE Security Perspective
The number of globally connected Internet of Things (IoT) wearable devices is projected to grow from 537.9 million units in 2024 to more than 645.7 million units in 2028 . Smart rings, a subset of IoT wearables, have seen a steep growth of 88.4% YoY from 2023. This increased rate of adoption can be attributed to a growing focus on quantification of healthcare data such as heart rate, body temperature, stress levels, sleep duration, and step count. Beyond health tracking, smart rings offer streamlined convenience in payments, home automation, and receiving notifications from mobile devices.
Bluetooth Low Energy (BLE), first introduced in Bluetooth 4.0, has become the default communication protocol in IoT wearables due to reduced energy consumption, ease of implementation, and wider network coverage. While there has been extensive research in BLE security for smart watches, medical and general IoT devices, the increased rate of adoption of smart rings and lack of specific security research implies a gap in the existing body of knowledge. Smart rings remain relatively new to the market, with popular models emerging only in 2024.
This paper hypothesizes that BLE vulnerabilities identified in smartwatches can be directly applied to smart rings, given their shared communication technology. To explore this, the study employs established guidelines from NIST Special Publication 800-121 Rev 2 and FIPS 186-5 for developing security recommendations for manufacturers and consumers. An analysis is conducted of leading smart ring models and the health data collected aiding consumers in making risk-informed decision-making processes before purchasing a device. Best practices for ensuring data privacy are elaborated upon for users to appropriately mitigate privacy risks.
Finally, the paper examines existing user perceptions surrounding IoT wearables, offering recommendations for manufacturers, consumers, and legislation. The intent is to identify gaps in current standards and encourage discussions among the three groups to consider security-centric regulatory standards for wearables utilizing BLE. This paper aims to add a security perspective for smart rings to the existing body of knowledge, providing a foundation for future research that must be conducted as IoT wearable technologies continue to evolve in form and capabilities.