DOI: 10.1145/3386901.3389025

BlueDoor: breaking the secure information flow via BLE vulnerability

Published: 15 June 2020

Abstract

Today's smart devices, such as fitness trackers and smartwatches, often employ Bluetooth Low Energy (BLE) for data transmission. Such devices thus become our information portal, e.g., SMS messages and notifications are delivered to those devices through BLE. In this study, we present BlueDoor, which can obtain unauthorized information from smart devices via a BLE vulnerability. We thoroughly examine the BLE protocol and leverage its intrinsic properties, designed for low-cost embedded and wearable devices, to bypass the encryption and authentication in BLE. By mimicking a low-capacity device to downgrade the process of encryption key negotiation and authentication, BlueDoor can enforce a new key with the peripheral BLE device and pass the authentication without user participation. As a result, BlueDoor can extract BLE packets as well as read/write stored data on BLE devices. We show that BlueDoor works well on the fundamental design tradeoff of using BLE on diverse embedded and wearable devices, and thus can be generalized to various BLE devices. We implement the BlueDoor design and examine its performance on 15 COTS BLE-enabled smart devices, including fitness trackers, smartwatches, smart bulbs, etc. The results show that BlueDoor can break the information flow and obtain different types of information (e.g., SMS messages, notifications) delivered to BLE devices. In addition to privacy threats, this further means that traditional operations, such as using SMS for verification in widely adopted authentication, are insecure.
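
A peripheral-side check against the downgrade the abstract describes, as an added example that is not code from the paper: it inspects an SMP Pairing Request and refuses peers that claim no input/output capability, offer a short key, or omit LE Secure Connections. The field layout and reason codes follow the Bluetooth Core Specification; the `pairing_policy` struct, the function name, the reading of "low-capacity device" as the NoInputNoOutput IO capability, and a peripheral with no out-of-band channel are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* SMP Pairing Request PDU, 7 octets (Bluetooth Core Spec, Vol 3, Part H):
 * code | io_cap | oob_flag | auth_req | max_key_size | init_kdist | resp_kdist */
#define SMP_PAIRING_REQUEST        0x01
#define SMP_IO_NO_INPUT_NO_OUTPUT  0x03
#define SMP_IO_MAX                 0x04  /* KeyboardDisplay, highest defined value */
#define SMP_AUTH_SC                0x08  /* LE Secure Connections bit in auth_req */

/* Pairing Failed reason codes from the same spec; 0 means "accept". */
#define SMP_ACCEPT                 0x00
#define SMP_ERR_AUTH_REQUIREMENTS  0x03
#define SMP_ERR_ENC_KEY_SIZE       0x06
#define SMP_ERR_INVALID_PARAMS     0x0A

/* Hypothetical local policy for a peripheral that carries sensitive data.
 * Assumes the peripheral has no out-of-band pairing channel. */
struct pairing_policy {
    uint8_t min_key_size;       /* 7..16 octets */
    int     require_user_auth;  /* refuse pairings that need no user action */
    int     require_sc;         /* refuse LE legacy pairing */
};

/* Returns SMP_ACCEPT or the reason to send back in a Pairing Failed PDU. */
uint8_t check_pairing_request(const uint8_t *pdu, size_t len,
                              const struct pairing_policy *pol)
{
    if (pdu == NULL || pol == NULL || len != 7 || pdu[0] != SMP_PAIRING_REQUEST)
        return SMP_ERR_INVALID_PARAMS;

    uint8_t io_cap = pdu[1], auth = pdu[3], key_size = pdu[4];

    if (io_cap > SMP_IO_MAX || key_size < 7 || key_size > 16)
        return SMP_ERR_INVALID_PARAMS;
    if (key_size < pol->min_key_size)
        return SMP_ERR_ENC_KEY_SIZE;
    /* A peer claiming NoInputNoOutput forces the Just Works model: the key
     * is agreed without the user confirming anything on either device. */
    if (pol->require_user_auth && io_cap == SMP_IO_NO_INPUT_NO_OUTPUT)
        return SMP_ERR_AUTH_REQUIREMENTS;
    if (pol->require_sc && !(auth & SMP_AUTH_SC))
        return SMP_ERR_AUTH_REQUIREMENTS;
    return SMP_ACCEPT;
}
```

The check covers only the NoInputNoOutput case; other IO capability pairs that also resolve to Just Works need the full mapping table from the specification.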

Published In

MobiSys '20: Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services
June 2020
496 pages
ISBN: 9781450379540
DOI: 10.1145/3386901

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery
New York, NY, United States

Author Tags

1. BLE
2. bluetooth low energy
3. security

Qualifiers

• Research-article

Funding Sources

• Natural Science Foundation of Jiangsu
• National Cryptography Development Fund
• National Natural Science Fund for Excellent Young Scholars
• Fundamental Research Funds for the Central Universities
• National Natural Science Foundation of China

Conference

MobiSys '20

Acceptance Rates

Overall Acceptance Rate 274 of 1,679 submissions, 16%

Cited By

• (2024) Wearable Activity Trackers: A Survey on Utility, Privacy, and Security. ACM Computing Surveys 56:7 (1-40). DOI: 10.1145/3645091. Online publication date: 8-Feb-2024
• (2024) MotoPrint: Reconfigurable Vibration Motor Fingerprint via Homologous Signals Learning. IEEE Transactions on Dependable and Secure Computing 21:1 (372-387). DOI: 10.1109/TDSC.2023.3253507. Online publication date: Jan-2024
• (2024) SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth. 2024 IEEE Symposium on Security and Privacy (SP) (2847-228066). DOI: 10.1109/SP54263.2024.00023. Online publication date: 19-May-2024
• (2024) BlueKey: Exploiting Bluetooth Low Energy for Enhanced Physical-Layer Key Generation. IEEE INFOCOM 2024 - IEEE Conference on Computer Communications (711-720). DOI: 10.1109/INFOCOM52122.2024.10621142. Online publication date: 20-May-2024
• (2024) Smart homes under siege. Computers and Security 139:C. DOI: 10.1016/j.cose.2023.103687. Online publication date: 16-May-2024
• (2023) BISON. Proceedings of the 2023 International Conference on embedded Wireless Systems and Networks (256-261). DOI: 10.5555/3639940.3639973. Online publication date: 15-Dec-2023
• (2023) E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem. Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (85-95). DOI: 10.1145/3558482.3590176. Online publication date: 29-May-2023
• (2023) Secure UHF RFID Authentication With Smart Devices. IEEE Transactions on Wireless Communications 22:7 (4520-4533). DOI: 10.1109/TWC.2022.3226753. Online publication date: Jul-2023
• (2022) Combating False Data Injection Attacks on Human-Centric Sensing Applications. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 6:2 (1-22). DOI: 10.1145/3534577. Online publication date: 7-Jul-2022
• (2022) A survey on edge computing for wearable technology. Digital Signal Processing 125 (103146). DOI: 10.1016/j.dsp.2021.103146. Online publication date: Jun-2022
