Bluetooth Low Energy (BLE) Beacons introduced a novel technology that enables devices to advertise their presence in an area by constantly broadcasting a static unique identifier. The aim was to enhance services with location and context awareness. Although the hardware components of typical BLE Beacon systems are able to support adequate cryptography, the design and implementation of most publicly available BLE Beacon protocols appear to render them vulnerable to a plethora of attacks. Indeed, in this paper, we were able to perform user tracking, user behavior monitoring, spoofing, and denial of service (DoS) against many supported services. Our aim is to show that these attacks stem from design flaws of the underlying protocols and from assumptions made for the BLE Beacon protocols. Using a clearly defined threat model, we provide a formal analysis of the adversarial capabilities and requirements, and of the attack impact on security and privacy for the end user. Contrary to popular belief, BLE technology can be exploited even by low-skilled adversaries, leading to exposure of user information. To demonstrate our attacks in practice, we selected Apple's iBeacon technology as a case study. However, our analysis can be easily generalized to other BLE Beacon technologies.