Neutralizing BLE Beacon-Based Electronic Attendance System Using Signal Imitation Attack

Many emerging location- or proximity-based applications use Bluetooth low energy (BLE) beacons thanks to the increasing popularity of the technology in mobile systems. An outstanding example is the BLE beacon-based electronic attendance system (BEAS) used in many universities today to increase the efficiency of lectures. Despite its popularity and usefulness, however, BEAS has not been thoroughly analyzed for its potential vulnerabilities. In this paper, we neutralize a university’s BEAS by maliciously cheating attendance (i.e., faking attendance while the subject is not physically present at the location) in various scenarios using signal imitation attack, and investigate its possible vulnerabilities. The BEAS exploited in this paper is a commercial system actually used in a well-known university. After the exploitation experiment, we analyze the system’s weaknesses and present possible counter-measures. Furthermore, additional attack methods are shown to re-counteract those possible counter-measures and to discuss the fundamental challenges, deficiencies, and suggestions in electronic attendance systems using BLE beacons.

[1]  Donatella Sciuto,et al.  BlueSentinel: a first approach using iBeacon for an energy efficient occupancy detection system , 2014, BuildSys@SenSys.

[2]  Philippe Bonnet,et al.  Evaluating Bluetooth Low Energy for IoT , 2018, 2018 IEEE Workshop on Benchmarking Cyber-Physical Networks and Systems (CPSBench).

[3]  Kumar Yelamarthi,et al.  Reliability evaluation of iBeacon for micro-localization , 2016, 2016 IEEE 7th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON).

[4]  Filip Maly,et al.  Improving Indoor Localization Using Bluetooth Low Energy Beacons , 2016, Mob. Inf. Syst..

[5]  Sung-Woo Ahn Smart Attendance Checking System based on BLE using a Beacon , 2016 .

[6]  Masaru Kamada,et al.  Student Attendance Management System with Bluetooth Low Energy Beacon and Android Devices , 2015, 2015 18th International Conference on Network-Based Information Systems.

[7]  Wei Zhou,et al.  A proposal of interaction system between visitor and collection in museum hall by iBeacon , 2015, 2015 10th International Conference on Computer Science & Education (ICCSE).

[8]  Dae-Jea Cho,et al.  Design and Implementation of Automatic Attendance Check System Using BLE Beacon , 2015, MUE 2015.

[9]  Lien-Wu Chen,et al.  GoFAST: A Group-Based Emergency Guiding System with Dedicated Path Planning for Mobile Users Using Smartphones , 2015, 2015 IEEE 12th International Conference on Mobile Ad Hoc and Sensor Systems.

[10]  Yue Liu,et al.  Bluetooth positioning using RSSI and triangulation methods , 2013, 2013 IEEE 10th Consumer Communications and Networking Conference (CCNC).

[11]  Carles Gomez,et al.  Overview and Evaluation of Bluetooth Low Energy: An Emerging Low-Power Wireless Technology , 2012, Sensors.

[12]  JeongGil Ko,et al.  A Measurement Study of BLE iBeacon and Geometric Adjustment Scheme for Indoor Location-Based Mobile Applications , 2016, Mob. Inf. Syst..