bhavukjain1

Hijacking an UltraHuman Ring: How Unauthenticated Bluetooth Allows Attackers to Steal and Modify Health Data

Imagine wearing a smart ring that tracks your health data—your heart rate, sleep patterns, and activity levels. Now, what if I told you that someone standing near you could hijack your ring, steal your private health data, and even modify it—all without your knowledge?

This is exactly what I discovered in the UltraHuman (UH) smart ring due to a flaw in its Bluetooth implementation. The issue? No authentication during pairing - really? This allows an attacker to take over your ring and gain full access to read and modify its data.

The Vulnerability Explained

Many Bluetooth devices require authentication to prevent unauthorized access. However, the UH ring does not. Once your phone disconnects, anyone nearby can pair with your ring using the UH app, gaining complete control over your health data.

Steps to Exploit the Issue

  1. Victim’s Side:
    • A user pairs their UltraHuman ring with their phone and keeps the phone locked.
  2. Attacker’s Side:
    • Using another device, the attacker opens the UH app and tries to pair a new device.
    • They keep trying until a pairing popup appears for the UH ring.
    • Once paired, the attacker gains full read and write access to the ring’s data.

Why This Happens

  • The UH ring does not maintain a constant Bluetooth connection with the original phone.
  • Once the victim’s phone is locked or Bluetooth disconnects, the ring becomes available for anyone to pair with.
  • Since there is no authentication, the attacker can simply connect and take control.
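
As an added example (not code from this post or from UltraHuman), the Python below goes beyond the ring itself and shows how a tester or firmware team can check, from the two SMP pairing PDUs seen in a capture, whether a BLE pairing is authenticated or falls back to unauthenticated "Just Works". The post does not publish the ring's pairing parameters, so the sample bytes and the names `PHONE_REQ`, `WEARABLE_RSP` and `KEYPAD_RSP` are constructed assumptions.

```python
# Added example: classify a BLE pairing from its two SMP PDUs.
# Field layout and bit meanings: Bluetooth Core Spec, Vol 3, Part H (SMP).
IO_CAPS = {0: "DisplayOnly", 1: "DisplayYesNo", 2: "KeyboardOnly",
           3: "NoInputNoOutput", 4: "KeyboardDisplay"}
PAIRING_REQUEST, PAIRING_RESPONSE = 0x01, 0x02

def parse_pairing_pdu(pdu: bytes, expected_opcode: int) -> dict:
    """Decode a 7-byte SMP Pairing Request/Response (opcode first)."""
    if len(pdu) != 7 or pdu[0] != expected_opcode:
        raise ValueError("not the expected SMP pairing PDU")
    if pdu[1] not in IO_CAPS:
        raise ValueError("reserved IO capability value")
    auth = pdu[3]  # AuthReq: bits 0-1 bonding, bit 2 MITM, bit 3 Secure Connections
    return {"io": pdu[1], "oob": bool(pdu[2] & 0x01),
            "bonding": (auth & 0x03) == 0x01, "mitm": bool(auth & 0x04),
            "sc": bool(auth & 0x08), "max_key_size": pdu[4]}

def association_model(req: dict, rsp: dict) -> str:
    """Return the association model the two sides will end up using."""
    sc = req["sc"] and rsp["sc"]
    # OOB: LE Secure Connections needs one side's flag, legacy needs both.
    if (req["oob"] or rsp["oob"]) if sc else (req["oob"] and rsp["oob"]):
        return "Out of Band"
    if not (req["mitm"] or rsp["mitm"]):
        return "Just Works"            # nobody asked for MITM protection
    ios = (req["io"], rsp["io"])
    if 3 in ios:
        return "Just Works"            # one side has no input or output
    if sc and all(io in (1, 4) for io in ios):
        return "Numeric Comparison"
    if all(io in (0, 1) for io in ios):
        return "Just Works"            # nothing to type a passkey on
    return "Passkey Entry"

def audit(req_pdu: bytes, rsp_pdu: bytes) -> dict:
    req = parse_pairing_pdu(req_pdu, PAIRING_REQUEST)
    rsp = parse_pairing_pdu(rsp_pdu, PAIRING_RESPONSE)
    model = association_model(req, rsp)
    return {"model": model, "authenticated": model != "Just Works",
            "responder_io": IO_CAPS[rsp["io"]]}

# Constructed sample PDUs (assumptions, not captured from any real device).
PHONE_REQ = bytes([0x01, 0x04, 0x00, 0x0D, 0x10, 0x07, 0x07])     # KeyboardDisplay, bond+MITM+SC
WEARABLE_RSP = bytes([0x02, 0x03, 0x00, 0x01, 0x10, 0x03, 0x03])  # NoInputNoOutput, bond only
KEYPAD_RSP = bytes([0x02, 0x02, 0x00, 0x0D, 0x10, 0x03, 0x03])    # KeyboardOnly, bond+MITM+SC

if __name__ == "__main__":
    print(audit(PHONE_REQ, WEARABLE_RSP))
    print(audit(PHONE_REQ, KEYPAD_RSP))
```

A result of `authenticated: False` means the link gives no proof of who the peer is, so a device in that position needs another control, such as accepting new bonds only during an explicit user-initiated pairing window.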

Who Can Exploit This?

Anyone within Bluetooth range (2-3 meters) can:

  • Steal health data – Read heart rate, sleep stats, and other personal metrics.
  • Modify data – Unpair a device and potentially tamper with health records, which could have serious consequences.
  • Disrupt tracking – Reset or delete logged health data.

Conclusion

UltraHuman markets its ring as one of the best smart rings in the world, offering top-tier usability and advanced health tracking features. However, at a premium price of ₹28,499 (approximately $330 USD), users rightfully expect basic security standards to protect their sensitive health data.

A lack of authentication in Bluetooth pairing is a serious security flaw, allowing attackers to hijack the ring, steal health data, and even modify it. UltraHuman was notified about this issue, and a disclosure was made after 30 days. However, as of publishing this post, the current firmware (2.00.07.13) remains vulnerable.

Until UltraHuman addresses this issue, would you still feel safe buying and using the UH ring?

Here's a video demonstrating this attack:

YouTube: https://www.youtube.com/watch?v=j0GN5_Rd-FE


© 2025 Bhavuk Jain
