Here, we performed and explained vulnerabilities in bluetooth communication between polar h10 heart rate sensor module and polar flow, polar beat application.
so, we found total 3 vulnerabilities as shown in below table and it's explained brief in above POLAR H10_HRM_Vulenrability_Assessment.pdf file.
| Vulnerability ID | Vulnerability | Severity | CVSS Score |
|---|---|---|---|
| BLE_VUL_01 | Polar h10 heart rate sensor Bluetooth services cloning and data fuzzing | HIGH | 8.0 |
| BLE_VUL_02 | App connected with duplicate Bluetooth advertisement module and data forging. | HIGH | 8.0 |
| BLE_VUL_03 | Polar beat App crashed by advertising data as Bluetooth module name polar h10 name | LOW | 3.3 |
Polar H10 is an extremely precise heart rate sensor, that comes along with the Polar Pro Chest Strap. Giving the topmost quality and interference-free ECG measurement, Polar H10 is known to be the most precise heart rate sensor. Monitor heart rate with maximum precision and connect heart rate to a great variety of training devices with Bluetooth® and ANT+.
link: https://www.polar.com/en/sensors/h10-heart-rate-sensor
App link :
polar flow : https://play.google.com/store/apps/details?id=fi.polar.polarflow&hl=en&gl=US
polar beat : https://play.google.com/store/apps/details?id=fi.polar.beat&hl=en&gl=US
