Attacks Against BLE Devices by Co-located Mobile Applications

Bluetooth Low Energy (BLE) is a fast-growing wireless technology with a large number of potential use cases, particularly in the IoT domain. With many of these use cases, the BLE device stores sensitive user data or critical device controls, which may be accessed by an augmentative Android or iOS application. Uncontrolled access to such data could violate a user's privacy, cause a device to malfunction, or even endanger lives. The BLE specification aims to solve this with network layer security mechanisms such as pairing and bonding. Unfortunately, this doesn't take into account the fact that many applications may be co-located on the same mobile device, which introduces the possibility of unauthorised applications being able to access and modify sensitive data stored on a BLE device. In this paper, we present an attack in which an unauthorised Android application can access pairing-protected data from a BLE device by exploiting the bonding relationship previously triggered by an authorised application. We discuss possible mitigation strategies, and perform an analysis over 13,500+ BLE-enabled Android applications to identify how many of them implement such strategies to avoid this attack. Our results indicate that over 60% of these applications do not have mitigation strategies in place in the form of application-layer security, and that cryptography is sometimes implemented incorrectly in those that do. This implies that the corresponding BLE devices are potentially vulnerable to unauthorised data access by malicious applications.
