AUTHOR=Akinbi Alex , Raj Preethi Paul 

TITLE=A systematic security analysis of medical internet of things (MIoT) ecosystems in threat modeling scenarios

JOURNAL=Frontiers in the Internet of Things

VOLUME=Volume 4 - 2025

YEAR=2025

URL=https://www.frontiersin.org/journals/the-internet-of-things/articles/10.3389/friot.2025.1712430

DOI=10.3389/friot.2025.1712430

ISSN=2813-3110

ABSTRACT=The widespread adoption of Medical Internet of Things (MIoT) devices, particularly portable electrocardiogram (ECG) monitors, has accelerated since the COVID-19 pandemic, revolutionizing remote patient monitoring and healthcare delivery. However, this rapid integration has introduced significant cybersecurity challenges, especially in securing communication within the MIoT ecosystem. To address these concerns, this study presents a systematic security analysis of three popular portable ECG devices: the Beurer BM 95, KardiaMobile 6L, and OMRON Complete. The investigation begins with a structured literature review to develop a catalog of threats and a threat model specific to the devices’ ecosystem. Guided by this threat model, controlled experiments were conducted to perform penetration testing and security assessments. Our findings reveal multiple security weaknesses and vulnerabilities in the Bluetooth Low Energy (BLE) implementations on these devices, exposing them to potential exploitation and attacks. Additionally, simulated attacks on paired smartphones enabled the recovery of sensitive user and patient data, highlighting further risks within the ecosystem. By uncovering these vulnerabilities, this research highlights the urgent need for stronger security measures in MIoT devices. Addressing these issues proactively is essential to enhance device resilience and protect against emerging threats in connected healthcare environments.