As if the war in Ukraine weren’t bad enough right here on Earth, it threatens knock-on effects that could be felt as far away as Mars. One victim of the deteriorating relationships between nations is the next phase of the ExoMars project, a joint ESA-Roscosmos mission that includes the Rosalind Franklin rover. The long-delayed mission was most recently set for launch in October 2022, but the ESA says that hitting the narrow launch window is now “very unlikely.” That’s a shame, since the orbital dynamics of Earth and Mars will mean that it’ll be 2024 before another Hohmann Transfer window opens. There are also going to be repercussions throughout the launch industry due to Russia pulling the Soyuz launch team out of the ESA’s spaceport in Guiana. And things have to be mighty tense aboard the ISS right about now, since the station requires periodic orbital boosting with Russian Progress rockets.
With wearables still trying to solidify themselves in the consumer health space, there are a number of factors to consider to improve the reliability of such devices in monitoring biometrics. One of the most critical such parameters is the sampling rate. By careful selection of this figure, developers can minimize errors in the measurement, preserve power, and reduce costs spent on data storage. For this reason, [Brinnae Bent] and [Dr. Jessilyn Dunn] wanted to determine the optimal sampling rate for wrist-worn optical heart rate monitors. We’ve shared their earlier paper on analyzing the accuracy of consumer health devices, so they’ve done a lot of work in this space.
The results of their paper probably don’t surprise anyone. The lower the sampling rate, the lower the accuracy of the measurement, and the higher the sampling rate the more accurate the measurement when compared to the gold standard electrocardiogram. They also found that metrics such as root mean square of successive differences (RMSSD), used for calculating heart rate variability, requires sampling rates greater than 64 Hz, the nominal sampling rate of the wearable they were investigating and of other similar devices. That might suggest why your wearable is a bit iffy when monitoring your sleeping habits. They even released the source code for their heart rate variability analysis, so there’s a nice afternoon read if you were looking for one.
What really stood out to us about their work is how they thoroughly backed up their claims with data. Something crowdfunding campaigns could really learn from.
Wearables are ubiquitous in today’s society. Such devices have evolved in their capabilities from step counters to devices that measure calories burnt, sleep, and heart rate. It’s pretty common to meet people using a wearable or two to track their fitness goals. However, a big question remains unanswered. How accurate are these wearable devices? Researchers from the Big Ideas Lab evaluated a group of wearables to assess their accuracy in measuring heart rate.
Unlike other studies with similar intentions, the Big Ideas Lab specifically wanted to address whether skin color had an effect on the accuracy of the heart rate measurements, and an FDA-cleared Bittium Faros 180 electrocardiogram was used as the benchmark. Overall, the researchers found that there was no difference in accuracy across skin tones, meaning that the same wearable will measure heart rate on a darker skin-toned individual the same as it would on a lighter skin-toned. Phew!
However, that may be the only good news for those wanting to use their wearable to accurately monitor their heart rate. The researchers found the overall accuracy of the devices relative to ECG was a bit variable with average errors of 7.2 beats per minute (BPM) in the consumer-grade wearables and 13.9 BPM in the research-grade wearables at rest. During activity, errors in the consumer-grade wearables climbed to an average of 10.2 BPM and 15.9 in the research-grade wearables. It’s interesting to see that the research-grade devices actually performed worse than the consumer devices.
And there’s a silver lining if you’re an Apple user. The Apple Watch performed consistently better than all other devices with mean errors between 4-5 BPM during rest and during activity, unless you’re breathing deeply, which threw the Apple for a loop.
So, it seems as if wrist-worn heart rate monitors still have some work to do where accuracy is concerned. Although skin tone isn’t a worry, they all become less accurate when the subject is moving around.
People who exercise with fitness trackers have a digital record of their workouts. They do it for a wide range of reasons, from gathering serious medical data to simply satisfying curiosity. When fitness data includes GPS coordinates, it raises personal privacy concerns. But even with individual data removed, such data was still informative enough to spill the beans on secretive facilities around the world.
This past weekend, [Nathan Ruser] announced on Twitter that Strava’s heatmap also managed to highlight exercise activity by military/intelligence personnel around the world, including some suspected but unannounced facilities. More worryingly, some of the mapped paths imply patrol and supply routes, knowledge security officers would prefer not to be shared with the entire world.
This is an extraordinary blunder which very succinctly illustrates a folly of Internet of Things. Strava’s anonymized data sharing obsfucated individuals, but didn’t manage to do the same for groups of individuals… like the fitness-minded active duty military personnel whose workout habits are clearly defined on these heat maps. The biggest contributor (besides wearing a tracking device in general) to this situation is that the data sharing is enabled by default and must be opted-out:
“You can opt-out of contributing your anonymized public activity data to Strava Metro and the Heatmap by unchecking the box in this section.” —Strava Blog, July 2017
[via Washington Post]
If you walked into a gym and asked to sniff exercise equipment you would get some mighty strange looks. If you tell hackers you’ve sniffed a Fitbit, you might be asked to give a presentation. [Jiska] and [DanielAW] were not only able to sniff Bluetooth data from a run-of-the-mill Fitbit fitness tracker, they were also able to connect to the hardware with data lines using test points etched right on the board. Their Fitbit sniffing talk at 34C3 can be seen after the break. We appreciate their warning that opening a Fitbit will undoubtedly void your warranty since Fitbits don’t fare so well after the sealed case is cracked. It’s all in the name of science.
There’s some interesting background on how Fitbit generally work. For instance, the Fitbit pairs with your phone which needs to be validated with the cloud server. But once the cloud server sends back authentication credentials they will never change because they’re bound to to the device ID of the Fitbit. This process is vulnerable to replay attacks.
Data begin sent between the Fitbit and the phone can be encrypted, but there is a live mode that sends the data as plain text. The implementation seemed to be security by obscurity as a new Bluetooth handle is used for this mode. This technique prevents the need to send every encrypted packet to the server for decryption (which would be for every heartbeat packet). So far the fix for this has been the ability to disable live mode. If you have your own Fitbit to play with, sniffing live mode would be a fun place to start.
The hardware side of this hack begins by completely removing the PCB from the rubber case. The board is running an STM32 and the team wanted to get deep access by enabling GDB. Unfortunately, the debug pins were only enabled during reset and the stock firmware disables them at startup (as it should). The workaround was to rewrite the firmware so that the necessary GPIO remain active and there’s an interesting approach here. You may remember [Daniel Wegemer] from the Nexmon project that reverse engineered the Nexus 5 WiFi. He leveraged the binary patching he used on Nexmon to patch the Fitbit firmware to enable debugging support. Sneaky!
Today Pebble has announced that it will cease all hardware production. Their outstanding Kickstarter deliveries will not be fulfilled but refunds will be issued. Warranties on all existing hardware will no longer be honored. However, the existing smartwatch service will continue… for now.
This isn’t unexpected, we ran an article yesterday about the all-but-certain rumors FitBit had acquired Pebble (and what led to that). Today’s news has turned speculation about Pebble 2 and Pebble Core Kickstarter campaigns into reality. You won’t get your hands on that fancy new hardware, but at least backers will have the money returned.
Perhaps the most interesting part of today’s blog post from the founder of Pebble, Eric Migicovsky, is about how this impacts more than a million watches already in the wild. Service will continue but (wait for it) “Pebble functionality or service quality may be reduced in the future.”
It’s not like this is a unique problem. Devices purchased by consumers that are dependent on phoning home to a server to function is a mounting issue. Earlier this year [Elliot Williams] coined this issue “Obsolescence as a Service” which is quite fitting. Anyone who still has a functional first generation iPad has enjoyed reduced quality of service; without available upgrades, you are unable to install most apps. It’s zombie hardware; electrons still flow but there’s no brain activity.
One of the perks associated with FitBit acquiring Pebble is that they have decided to keep those servers running for watches in the field. A cynic might look at the acquisition as FitBit reducing competition in the market — they wouldn’t have let hardware production cease if they were interested in acquiring the user base. At some point, those servers will stop working and the watches won’t be so smart after all. FitBit owns the IP which means they could open source everything needed for the community to build their own server infrastructure. When service quality “reduced in the future” that’s exactly what we want to see happen.
Despite owning five, including the original Pebble, I’ve always been somewhat skeptical about smart watches. Even so, the leaked news that Fitbit is buying Pebble for “a small amount” has me sort of depressed about the state of the wearables market. Because Pebble could have been a contender, although perhaps not for the reason you might guess.
Pebble is a pioneer of the wearables market, and launched its first smartwatch back in 2012, two years before the Apple Watch was announced. But after turning down an offer of $740 million by Citizen back in 2015, and despite cash injections from financing rounds and a recent $12.8 million Kickstarter, the company has struggled financially.
An offer of just $70 million earlier this year by Intel reflected Pebble’s reduced prospects, and the rumoured $30 to $40 million price being paid by Fitbit must be a disappointing outcome for a company that was riding high such a short time ago.