
QIF-T0093

high

PPG pulse waveform biometric identification (cardiac signature fingerprinting via wearable optical sensor)

Tier 3 — Demonstrated (Lab-proven)

Legacy status: DEMONSTRATED

Photoplethysmography (PPG) sensors in smartwatches and fitness trackers measure blood volume changes through green LED light reflected from the wrist. The PPG waveform shape is unique per individual — determined by cardiac output, arterial stiffness, vessel geometry, and autonomic tone. Biswas et al. (2019) demonstrated >98% identification accuracy using deep learning on PPG waveforms. Unlike heart rate (a single number), the full PPG waveform is a rich biometric containing: pulse amplitude, dicrotic notch depth, systolic/diastolic ratio, pulse transit time, and waveform morphology. This biometric is continuously captured by any wearable with a heart rate sensor (Apple Watch, Fitbit, Galaxy Watch, Oura Ring). The user consents to heart rate monitoring, not to biometric identification from their cardiac waveform. Combined with T0088 (gait) and T0079 (ear canal), the attacker has three independent biometric channels from consumer devices.

Technique Details

Tactic: QIF-S.FP
Status: DEMONSTRATED
Bands: S1, S2, S3

Therapeutic Application

Wearable PPG sensor captures unique cardiac pulse waveform morphology determined by cardiovascular physiology; deep learning extracts biometric identity from waveform features

Clinical Analog

PPG-based cardiovascular health monitoring

Treats

  • atrial fibrillation detection (Apple Watch FDA clearance)
  • blood pressure estimation (pulse wave analysis)
  • sleep apnea screening (SpO2 + pulse waveform)
  • vascular stiffness assessment

Neural Impact

3 of 7 neural bands affected

S1 S2 S3


Scoring

NISS v1.1: NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2.0 Low

Governance

Neurorights at Risk

This technique threatens 2 of the 4 proposed neurorights (Ienca & Andorno, 2017).

Consent Complexity: 0.48 / 4.0

FDORA §3305 Compliance

Cyber Device
Regulatory Coverage: 0.5 / 1.0
524B Requirements: TM, VA, SBOM, SA, PM
Regulatory Gaps:
  • CVSS partially captures risk; neural dimensions missing
  • No FDA pathway for consumer sensor exploitation

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

Population            NISS Base   Adjusted   Severity   Delta
Adult (Default)       2.0         2.0        Low        -
Child (10yr) + ADHD   2.0         2.4        Low        +0.35
Adult with ALS        2.0         2.3        Low        +0.32

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas