BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy

The Bluetooth Low Energy (BLE) protocol ubiquitously enables energy-efficient wireless communication among resource-constrained devices. To ease its adoption, BLE requires limited or no user interaction to establish a connection between two devices. Unfortunately, this simplicity is the root cause of several security issues. In this paper, we analyze the security of the BLE link layer, focusing on the scenario in which two previously-connected devices reconnect. Based on a formal analysis of the reconnection procedure defined by the BLE specification, we highlight two critical security weaknesses in the specification. As a result, even a device implementing the BLE protocol correctly may be vulnerable to spoofing attacks. To demonstrate these design weaknesses, and further study their security implications, we develop BLE Spoofing Attacks (BLESA). These attacks enable an attacker to impersonate a BLE device and to provide spoofed data to another previously-paired device. BLESA can be easily carried out against some implementations of the BLE protocol, such as the one used in Linux. Additionally, for the BLE stack implementations used by Android and iOS, we found a logic bug enabling BLESA. We reported this security issue to the affected parties (Google and Apple), and they acknowledged our findings.
