Breaking Fitness Records Without Moving: Reverse Engineering and Spoofing Fitbit


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2017-10-12

AUTHORS

Hossein Fereidooni, Jiska Classen, Tom Spink, Paul Patras, Markus Miettinen, Ahmad-Reza Sadeghi, Matthias Hollick, Mauro Conti

ABSTRACT

Tens of millions of wearable fitness trackers are shipped yearly to consumers who routinely collect information about their exercising patterns. Smartphones push this health-related data to vendors’ cloud platforms, enabling users to analyze summary statistics on-line and adjust their habits. Third-parties including health insurance providers now offer discounts and financial rewards in exchange for such private information and evidence of healthy lifestyles. Given the associated monetary value, the authenticity and correctness of the activity data collected becomes imperative. In this paper, we provide an in-depth security analysis of the operation of fitness trackers commercialized by Fitbit, the wearables market leader. We reveal an intricate security through obscurity approach implemented by the user activity synchronization protocol running on the devices we analyze. Although non-trivial to interpret, we reverse engineer the message semantics, demonstrate how falsified user activity reports can be injected, and argue that based on our discoveries, such attacks can be performed at scale to obtain financial gains. We further document a hardware attack vector that enables circumvention of the end-to-end protocol encryption present in the latest Fitbit firmware, leading to the spoofing of valid encrypted fitness data. Finally, we give guidelines for avoiding similar vulnerabilities in future system designs.

PAGES

48-69

Book

TITLE

Research in Attacks, Intrusions, and Defenses

ISBN

978-3-319-66331-9
978-3-319-66332-6

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-319-66332-6_3

DOI

http://dx.doi.org/10.1007/978-3-319-66332-6_3

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1092165470



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Padua, Padua, Italy", 
          "id": "http://www.grid.ac/institutes/grid.5608.b", 
          "name": [
            "University of Padua, Padua, Italy"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Fereidooni", 
        "givenName": "Hossein", 
        "id": "sg:person.015500675355.13", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015500675355.13"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Technische Universit\u00e4t Darmstadt, Darmstadt, Germany", 
          "id": "http://www.grid.ac/institutes/grid.6546.1", 
          "name": [
            "Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Classen", 
        "givenName": "Jiska", 
        "id": "sg:person.07747371321.39", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07747371321.39"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Edinburgh, Edinburgh, UK", 
          "id": "http://www.grid.ac/institutes/grid.4305.2", 
          "name": [
            "University of Edinburgh, Edinburgh, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Spink", 
        "givenName": "Tom", 
        "id": "sg:person.011261250722.37", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011261250722.37"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Edinburgh, Edinburgh, UK", 
          "id": "http://www.grid.ac/institutes/grid.4305.2", 
          "name": [
            "University of Edinburgh, Edinburgh, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Patras", 
        "givenName": "Paul", 
        "id": "sg:person.011070021645.51", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011070021645.51"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Technische Universit\u00e4t Darmstadt, Darmstadt, Germany", 
          "id": "http://www.grid.ac/institutes/grid.6546.1", 
          "name": [
            "Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Miettinen", 
        "givenName": "Markus", 
        "id": "sg:person.015462765266.20", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015462765266.20"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Technische Universit\u00e4t Darmstadt, Darmstadt, Germany", 
          "id": "http://www.grid.ac/institutes/grid.6546.1", 
          "name": [
            "Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Sadeghi", 
        "givenName": "Ahmad-Reza", 
        "id": "sg:person.014254211041.55", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014254211041.55"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Technische Universit\u00e4t Darmstadt, Darmstadt, Germany", 
          "id": "http://www.grid.ac/institutes/grid.6546.1", 
          "name": [
            "Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Hollick", 
        "givenName": "Matthias", 
        "id": "sg:person.010143067443.79", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010143067443.79"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Padua, Padua, Italy", 
          "id": "http://www.grid.ac/institutes/grid.5608.b", 
          "name": [
            "University of Padua, Padua, Italy"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Conti", 
        "givenName": "Mauro", 
        "id": "sg:person.010537540667.47", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010537540667.47"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2017-10-12", 
    "datePublishedReg": "2017-10-12", 
    "description": "Tens of millions of wearable fitness trackers are shipped yearly to consumers who routinely collect information about their exercising patterns. Smartphones push this health-related data to vendors\u2019 cloud platforms, enabling users to analyze summary statistics on-line and adjust their habits. Third-parties including health insurance providers now offer discounts and financial rewards in exchange for such private information and evidence of healthy lifestyles. Given the associated monetary value, the authenticity and correctness of the activity data collected becomes imperative. In this paper, we provide an in-depth security analysis of the operation of fitness trackers commercialized by Fitbit, the wearables market leader. We reveal an intricate security through obscurity approach implemented by the user activity synchronization protocol running on the devices we analyze. Although non-trivial to interpret, we reverse engineer the message semantics, demonstrate how falsified user activity reports can be injected, and argue that based on our discoveries, such attacks can be performed at scale to obtain financial gains. We further document a hardware attack vector that enables circumvention of the end-to-end protocol encryption present in the latest Fitbit firmware, leading to the spoofing of valid encrypted fitness data. Finally, we give guidelines for avoiding similar vulnerabilities in future system designs.", 
    "editor": [
      {
        "familyName": "Dacier", 
        "givenName": "Marc", 
        "type": "Person"
      }, 
      {
        "familyName": "Bailey", 
        "givenName": "Michael", 
        "type": "Person"
      }, 
      {
        "familyName": "Polychronakis", 
        "givenName": "Michalis", 
        "type": "Person"
      }, 
      {
        "familyName": "Antonakakis", 
        "givenName": "Manos", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-319-66332-6_3", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-319-66331-9", 
        "978-3-319-66332-6"
      ], 
      "name": "Research in Attacks, Intrusions, and Defenses", 
      "type": "Book"
    }, 
    "keywords": [
      "depth security analysis", 
      "such private information", 
      "fitness trackers", 
      "health-related data", 
      "cloud platform", 
      "security analysis", 
      "protocol encryption", 
      "attack vectors", 
      "such attacks", 
      "message semantics", 
      "future system design", 
      "synchronization protocol", 
      "system design", 
      "private information", 
      "tens of millions", 
      "tracker", 
      "similar vulnerability", 
      "encryption", 
      "spoofing", 
      "firmware", 
      "semantics", 
      "information", 
      "smartphones", 
      "users", 
      "security", 
      "correctness", 
      "vendors", 
      "platform", 
      "wearable fitness trackers", 
      "health insurance providers", 
      "fitness data", 
      "activity data", 
      "market leader", 
      "attacks", 
      "financial gain", 
      "fitness records", 
      "authenticity", 
      "protocol", 
      "millions", 
      "providers", 
      "data", 
      "Fitbit", 
      "engineering", 
      "operation", 
      "devices", 
      "design", 
      "activity reports", 
      "insurance providers", 
      "vector", 
      "vulnerability", 
      "summary statistics", 
      "discovery", 
      "consumers", 
      "statistics", 
      "tens", 
      "gain", 
      "exchange", 
      "circumvention", 
      "end", 
      "reward", 
      "records", 
      "analysis", 
      "patterns", 
      "discount", 
      "monetary value", 
      "financial rewards", 
      "guidelines", 
      "leaders", 
      "lines", 
      "scale", 
      "values", 
      "healthy lifestyle", 
      "habits", 
      "report", 
      "lifestyle", 
      "evidence", 
      "paper", 
      "approach", 
      "wearables market leader", 
      "intricate security", 
      "obscurity approach", 
      "user activity synchronization protocol", 
      "activity synchronization protocol", 
      "falsified user activity reports", 
      "user activity reports", 
      "hardware attack vector", 
      "end protocol encryption", 
      "latest Fitbit firmware", 
      "Fitbit firmware", 
      "Spoofing Fitbit"
    ], 
    "name": "Breaking Fitness Records Without Moving: Reverse Engineering and Spoofing Fitbit", 
    "pagination": "48-69", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1092165470"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-319-66332-6_3"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-319-66332-6_3", 
      "https://app.dimensions.ai/details/publication/pub.1092165470"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2021-11-01T19:00", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20211101/entities/gbq_results/chapter/chapter_407.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-319-66332-6_3"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-66332-6_3'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-66332-6_3'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-66332-6_3'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-66332-6_3'


 

This table displays all metadata directly associated to this object as RDF triples.

220 TRIPLES      23 PREDICATES      115 URIs      108 LITERALS      7 BLANK NODES

 



