demonstration

Using bluetooth low energy spoofing to dispute device details: demo

Authors:

Christopher Hensler,

Patrick TagueAuthors Info & Claims

WiSec '19: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

Pages 340 - 342

https://doi.org/10.1145/3317549.3326321

Published: 15 May 2019 Publication History

Get Access

Abstract

In this demo, we will show the effects of multiple Bluetooth Low Energy spoofing attacks, including a novel cache poisoning attack. Bluetooth Low Energy (BLE) is often used for communication between devices, ranging from headphones to medical sensors. Our attacks target the BLE advertising mechanism to cause Denial of Service and Man-in-the-Middle conditions. BLE Peripheral Devices are discovered through an advertising process, in which the Peripheral broadcasts advertising packets to listening Central Devices. Such packets typically include the advertising address of the device, name of the device, and information about the connectability of the device. Peripheral Devices are generally assumed to have distinct advertising addresses. If a device advertises with the same address as another device, Central Devices need to decide which information is correct. We term the condition where advertisements contain contradictory information a "Disputed Advertisement". In the case where an advertisement contains optional information, there may be a condition where one of the packets contains maliciously included information, but is not contradicted by a legitimate packet. We call this condition an "Undisputed Advertisement", which is the basis for a novel attack that we call Bluestaking. The Bluestaking attack poisons advertising name cache on Central Devices with attacker-selected address-to-name mappings. Because BLE devices are not required to be named, an attacker can spoof a device and provide a name without any dispute from the victim device. This causes scanning Central Devices to cache the name indefinitely.

References

[1]

Sławomir Jasek. {n.d.}. GATTattacking Bluetooth Smart Devices. SecuRing Whitepaper, available http://gattack.io/whitepaper.pdf.

Google Scholar

[2]

Hui Jun Tay, Jiaqi Tan, and Priya Narasimhan. 2016. A Survey of Security Vulnerabilities in Bluetooth Low Energy Beacons. PDL Technical Report CMU-PDL-16--109. Parallel Data Laboratory, Carnegie Mellon University, Pittsburgh, PA.

Google Scholar

[3]

Kevin Townsend. 2014. Introduction to Bluetooth Low Energy. Adafruit Learning System, Available https://learn.adafruit.com/introduction-to-bluetooth-low-energy.

Google Scholar

Cited By

View all

Khelif MLorandel JRomain ORegnery MBaheux D(2019)A Versatile Emulator of MitM for the identification of vulnerabilities of IoT devices, a case of studyProceedings of the 3rd International Conference on Future Networks and Distributed Systems10.1145/3341325.3342019(1-6)Online publication date: 1-Jul-2019
https://dl.acm.org/doi/10.1145/3341325.3342019

Index Terms

Using bluetooth low energy spoofing to dispute device details: demo
1. Networks
  1. Network protocols
    1. Link-layer protocols
2. Security and privacy
  1. Network security
    1. Mobile and wireless security

Recommendations

Testing vulnerabilities in bluetooth low energy
ACMSE '18: Proceedings of the 2018 ACM Southeast Conference

Bluetooth Low Energy (BTLE) is pervasive in technology throughout all areas of our lives. In this research effort, experiments are performed to discover vulnerabilities in the Bluetooth protocol and given the right technology determine exploitation. ...
BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy
CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security

Bluetooth Low Energy (BLE) is a short-range wireless communication technology for resource-constrained IoT devices. Unfortunately, BLE is vulnerable to session-based attacks, where previous packets construct exploitable conditions for subsequent packets ...
Two-Way Communication Protocol using Bluetooth Low Energy Advertisement Frames
SmartObjects '15: Proceedings of the 1st International Workshop on Experiences with the Design and Implementation of Smart Objects

Bluetooth Low Energy (BLE) is a wireless personal area network technology designed to provide low-power connectivity to smartphones and wearable devices. To transmit bidirectional data, devices must first discover each other and then start a pairing ...

Comments

Information & Contributors

Information

Published In

WiSec '19: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

May 2019

359 pages

ISBN:9781450367264

DOI:10.1145/3317549

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 May 2019

Check for updates

Author Tags

Qualifiers

Demonstration

Conference

WiSec '19

Sponsor:

SIGSAC

WiSec '19: 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks

May 15 - 17, 2019

Florida, Miami

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
211
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)1

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Khelif MLorandel JRomain ORegnery MBaheux D(2019)A Versatile Emulator of MitM for the identification of vulnerabilities of IoT devices, a case of studyProceedings of the 3rd International Conference on Future Networks and Distributed Systems10.1145/3341325.3342019(1-6)Online publication date: 1-Jul-2019
https://dl.acm.org/doi/10.1145/3341325.3342019

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Testing vulnerabilities in bluetooth low energy

BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy

Two-Way Communication Protocol using Bluetooth Low Energy Advertisement Frames

Comments

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Testing vulnerabilities in bluetooth low energy

BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy

Two-Way Communication Protocol using Bluetooth Low Energy Advertisement Frames

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations