Attacks Against BLE Devices by Co-located Mobile Applications
@article{Sivakumaran2018AttacksAB,
  title={Attacks Against BLE Devices by Co-located Mobile Applications},
  author={Pallavi Sivakumaran and Jorge Blasco},
  journal={ArXiv},
  year={2018},
  volume={abs/1808.03778}
}
Bluetooth Low Energy (BLE) is a fast-growing wireless technology with a large number of potential use cases, particularly in the IoT domain. With many of these use cases, the BLE device stores sensitive user data or critical device controls, which may be accessed by an augmentative Android or iOS application. Uncontrolled access to such data could violate a user's privacy, cause a device to malfunction, or even endanger lives. The BLE specification aims to solve this with network layer security…
4 Citations
BLESS: A BLE Application Security Scanning Framework
- Computer Science
- IEEE INFOCOM 2020 - IEEE Conference on Computer Communications
- 2020
A BLE Security Scan (BLESS) framework is designed and implemented to identify those BLE apps that do not implement encryption or authentication at the application layer, and an application-level defense is proposed and implemented with a low-cost $0.55 crypto co-processor using public key cryptography.
On the (In)security of Bluetooth Low Energy One-Way Secure Connections Only Mode
- Computer Science
- ArXiv
- 2019
This work examines the life cycle of a BLE pairing process in Android and identifies four severe design flaws that can be exploited by attackers to perform downgrading attacks, forcing the BLE Pairing protocols to run in the insecure mode without the users' awareness.
SAAC: Secure Android Application Context a Runtime Based Policy and its Architecture
- Computer Science
- 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)
- 2018
This paper presents a novel approach allowing a standard Android user to launch their applications in a configurable secure execution context, and a performance assessment of the solution is provided.
Contrôle d'accès dynamique et architecture de sécurité pour la protection des applications sous Androïd. (Dynamic access control and security architecture to protect Android applications)
- Computer Science, Political Science
- 2019
The final contribution of this thesis is the implementation of a prototype of this architecture on a development board, together with the presentation of tests demonstrating the effectiveness and relevance of the approach.
References
SHOWING 1-10 OF 28 REFERENCES
Protecting Privacy of BLE Device Users
- Computer Science
- USENIX Security Symposium
- 2016
This paper proposes a new device-agnostic system, called BLE-Guardian, that protects the privacy of the users/environments equipped with BLE devices/IoTs and enables the users and administrators to control those who discover, scan and connect to their devices.
Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android
- Computer Science
- NDSS
- 2014
The first study on external Device Mis-Bonding or DMB under the context of Bluetooth-enabled Android devices is presented, and the first OS-level protection, called Dabinder, is developed, which automatically generates secure bonding policies between a device and its official app and enforces them when an app attempts to establish Bluetooth connections with a device and unpair the phone from the device.
Cross-App Tracking via Nearby Bluetooth Low Energy Devices
- Computer Science
- CODASPY
- 2018
This work shows that by listening to advertising packets broadcasted by nearby BLE-enabled devices and recording information contained in them, app developers can derive fairly unique "fingerprints" for their users, which can be used for cross-app tracking, i.e., linking pseudonymous users of different apps to each other.
Implementation and design issues for using Bluetooth low energy in passive keyless entry systems
- Computer Science
- 2016 IEEE Annual India Conference (INDICON)
- 2016
The focus of this research is to investigate keyless entry systems using the Bluetooth Low Energy (BLE) technology; a considerable number of design issues and tradeoffs that needed to be considered were looked into.
Evolution, Detection and Analysis of Malware for Smart Devices
- Computer Science
- IEEE Communications Surveys & Tutorials
- 2014
This article presents a detailed analysis of how malware has evolved over the last years for the most popular platforms and surveys, classifies and discusses efforts made on detecting both malware and other suspicious software (grayware) between 2010 and 2013.
Bluetooth Low Energy performance and robustness analysis for Inter-Vehicular Communications
- Computer Science
- Ad Hoc Networks
- 2016
Security Analysis of Wearable Fitness Devices (Fitbit)
- Computer Science
- 2014
It is discovered that MAC addresses on Fitbit devices are never changed, enabling user-correlation attacks, and BTLE credentials are also exposed on the network during device pairing over TLS, which might be intercepted by MITM attacks.
Emerging Wireless Technologies in the Internet of Things: a Comparative Study
- Computer Science
- ArXiv
- 2016
There is a need to develop a multifaceted technology approach to enable interoperable and secure communications in the IoT, including the recent IEEE 802.11ah protocol.
Overview and Evaluation of Bluetooth Low Energy: An Emerging Low-Power Wireless Technology
- Computer Science
- Sensors
- 2012
Experimental results are provided that complement the theoretical and simulation findings, and implementation constraints that may reduce BLE performance are indicated.
Uncovering Privacy Leakage in BLE Network Traffic of Wearable Fitness Trackers
- Computer Science
- HotMobile
- 2016
It is shown that the majority of the fitness trackers use an unchanged BLE address while advertising, making it feasible to track them, and it is demonstrated that the BLE traffic can represent a user's gait, which is known to be distinct from user to user.