research-article

Testing vulnerabilities in bluetooth low energy

Authors:

Thomas Willingham,

Cody Henderson,

Md Shariful Haque,

Travis AtkisonAuthors Info & Claims

ACMSE '18: Proceedings of the 2018 ACM Southeast Conference

Article No.: 6, Pages 1 - 7

https://doi.org/10.1145/3190645.3190693

Published: 29 March 2018 Publication History

Abstract

Bluetooth Low Energy (BTLE) is pervasive in technology throughout all areas of our lives. In this research effort, experiments are performed to discover vulnerabilities in the Bluetooth protocol and given the right technology determine exploitation. Using a Bluetooth keyboard, practical examples of the Bluetooth Low Energy protocol were able to be provided. Because of the results garnered, it is recommended that Bluetooth Low Energy not be used for any connections that may transmit sensitive data, or with devices that may have access to sensitive networks.

References

[1]

Aircrack. 2016. Tutorial: How to Crack WPA/WPA2. (2016). https://www.aircrack-ng.org/doku.php?id=cracking_wpa

[2]

Wahhab Albazrqaoe, Jun Huang, and Guoliang Xing. 2016. Practical Bluetooth Traffic Sniffing: Systems and Privacy Implications. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 333--345.

Digital Library

[3]

Bluetooth. 2016. The story behind Bluetooth technology. (2016). https://www.bluetooth.com/what-is-bluetooth-technology/bluetooth

[4]

M. Bundalo. 2016. Bluetooth Baseband. (2016). http://ecee.colorado.edu/~ecen4242/marko/Bluetooth/Bluetooth/SPECIFICATION/Baseband.htm

[5]

J. Coombs. 2016. The straight goods on Bluetooth: How many consumers have it on? (2016). http://blog.roverlabs.co/post/117195525589/the-straight-goods-on-bluetooth-how-many

[6]

Aveek K Das, Parth H Pathak, Chen-Nee Chuah, and Prasant Mohapatra. 2016. Uncovering privacy leakage in ble network traffic of wearable fitness trackers. In Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications. ACM, 99--104.

Digital Library

[7]

P. Dziwior. 2005. ACL (asynchronous connectionless) links. (2005). http://www.dziwior.org/Bluetooth/ACL.html#FHS

[8]

P. Dziwior. 2005. Paging. (2005). http://www.dziwior.org/Bluetooth/Paging.html

[9]

H. Ford. 2016. GATT (2016). https://learn.adafruit.com/introduction-to-bluetooth-low-energy/gatt

[10]

Insignia. 2015. Introduction into Bluetooth and Bluetooth Low Energy Testing. (2015). https://www.ins1gn1a.com/introduction-into-bluetooth-and-bluetooth-low-energy-testing/

[11]

J. Jacobs. 2016. What frequency is Bluetooth? (2016). https://www.techwalla.com/articles/what-frequency-is-bluetooth

[12]

A. Louie. 2016. Information Leakage in Mobile Health Sensors and Applications. (2016). https://thawproject.files.wordpress.com/2014/07/anthony-louie-final-information-leakage-in-mobile-health-sensors-and-applications.pdf

[13]

S. Mahmud. 2005. Bluetooth Technology. (2005). http://ece.eng.wayne.edu/~smahmud/PersonalData/PubPapers/Handout_Jul12_05.pdf

[14]

D. Nield. 2016. What is Bluetooth? (2016). http://www.techradar.com/how-to/computing/what-is-bluetooth-1323284

[15]

Tu C Niem. 2002. Bluetooth and its inherent security issues. Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC), Research Project, Version 1.4 b (2002).

[16]

I. Poole. 2016. Bluetooth network connection and pairing. (2016). http://www.radio-electronics.com/info/wireless/bluetooth/networks-networking-connections-pairing.php

[17]

I. Poole. 2016. Bluetooth Technology Tutorial. (2016). http://www.radio-electronics.com/info/wireless/bluetooth/bluetooth_overview.php

[18]

M Ryan. 2014. BLE Fun With Ubertooth: Sniffing Bluetooth Smart and Cracking its Crypto. (2014). https://blog.lacklustre.net/posts/BLE_Fun_With_Ubertooth:_Sniffing_Bluetooth_Smart_and_Cracking_Its_Crypto/

[19]

Mike Ryan et al. 2013. Bluetooth: With Low Energy Comes Low Security. In WOOT.

Digital Library

[20]

K. Townsend. 2016. Introduction to Bluetooth Low Energy. (2016). https://learn.adafruit.com/introduction-to-bluetooth-low-energy

Cited By

Gupta CVarshney G(2023)An improved authentication scheme for BLE devices with no I/O capabilitiesComputer Communications10.1016/j.comcom.2023.01.001200:C(42-53)Online publication date: 15-Feb-2023
https://dl.acm.org/doi/10.1016/j.comcom.2023.01.001
Sanjaya MElAarag H(2022)A Novel Application for Automating Security Risk Assessment and Mitigation of Bluetooth Infotainment DevicesJournal of Computing Sciences in Colleges10.5555/3581625.358162638:5(10-20)Online publication date: 1-Nov-2022
https://dl.acm.org/doi/10.5555/3581625.3581626
Kurt Peker YBello GPerez A(2022)On the Security of Bluetooth Low Energy in Two Consumer Wearable Heart Rate Monitors/Sensing DevicesSensors10.3390/s2203098822:3(988)Online publication date: 27-Jan-2022
https://doi.org/10.3390/s22030988
Show More Cited By

Recommendations

A Low Energy Profile: Analysing Characteristic Security on BLE Peripherals
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

Bluetooth Low Energy is a ubiquitous technology, with applications in the fitness, healthcare and smart home sectors, to name but a few. In this paper, we present an open-source Profiler for classifying the protection level of data residing on a BLE ...
Using bluetooth low energy spoofing to dispute device details: demo
WiSec '19: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

In this demo, we will show the effects of multiple Bluetooth Low Energy spoofing attacks, including a novel cache poisoning attack. Bluetooth Low Energy (BLE) is often used for communication between devices, ranging from headphones to medical sensors. ...
Enabling Bluetooth Low Energy auditing through synchronized tracking of multiple connections

Bluetooth Low Energy is a wireless communications protocol that is increasingly used in critical infrastructure applications, especially for inter-sensor communications in wireless sensor networks. Recent security research notes a trend in which ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ACMSE '18: Proceedings of the 2018 ACM Southeast Conference

March 2018

246 pages

ISBN:9781450356961

DOI:10.1145/3190645

Conference Chair:
Ka-Wing Wong
Eastern Kentucky University
,
Program Chair:
Chi Shen
Kentucky State University
,
Publications Chair:
Dana Brown
Bluegrass Community & Technical College

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACM: Association for Computing Machinery

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 March 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ACM SE '18

Sponsor:

ACM

ACM SE '18: Southeast Conference

March 29 - 31, 2018

Kentucky, Richmond

Acceptance Rates

ACMSE '18 Paper Acceptance Rate 34 of 41 submissions, 83%;

Overall Acceptance Rate 502 of 1,023 submissions, 49%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
673
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)2

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Gupta CVarshney G(2023)An improved authentication scheme for BLE devices with no I/O capabilitiesComputer Communications10.1016/j.comcom.2023.01.001200:C(42-53)Online publication date: 15-Feb-2023
https://dl.acm.org/doi/10.1016/j.comcom.2023.01.001
Sanjaya MElAarag H(2022)A Novel Application for Automating Security Risk Assessment and Mitigation of Bluetooth Infotainment DevicesJournal of Computing Sciences in Colleges10.5555/3581625.358162638:5(10-20)Online publication date: 1-Nov-2022
https://dl.acm.org/doi/10.5555/3581625.3581626
Kurt Peker YBello GPerez A(2022)On the Security of Bluetooth Low Energy in Two Consumer Wearable Heart Rate Monitors/Sensing DevicesSensors10.3390/s2203098822:3(988)Online publication date: 27-Jan-2022
https://doi.org/10.3390/s22030988
Shrestha SIrby EThapa RDas S(2022)SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation MeasuresEmerging Information Security and Applications10.1007/978-3-030-93956-4_7(108-127)Online publication date: 12-Jan-2022
https://doi.org/10.1007/978-3-030-93956-4_7
Thaseen IMohanraj VRamachandran SSanapala KYeo S(2021)A Hadoop Based Framework Integrating Machine Learning Classifiers for Anomaly Detection in the Internet of ThingsElectronics10.3390/electronics1016195510:16(1955)Online publication date: 13-Aug-2021
https://doi.org/10.3390/electronics10161955
Patel NWimmer HRebman C(2021)Investigating Bluetooth Vulnerabilities to Defend from Attacks2021 5th International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT)10.1109/ISMSIT52890.2021.9604655(549-554)Online publication date: 21-Oct-2021
https://doi.org/10.1109/ISMSIT52890.2021.9604655
Kambourakis GKolias CGeneiatakis DKaropoulos GMakrakis GKounelis I(2020)A State-of-the-Art Review on the Security of Mainstream IoT Wireless PAN Protocol StacksSymmetry10.3390/sym1204057912:4(579)Online publication date: 6-Apr-2020
https://doi.org/10.3390/sym12040579
Bettayeb MWaraga OTalib MNasir QEinea O(2019)IoT Testbed Security: Smart Socket and Smart Thermostat2019 IEEE Conference on Application, Information and Network Security (AINS)10.1109/AINS47559.2019.8968694(18-23)Online publication date: Nov-2019
https://doi.org/10.1109/AINS47559.2019.8968694
Shrestha SIrby EThapa RDas S(undefined)SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation MeasuresSSRN Electronic Journal10.2139/ssrn.3959316
https://doi.org/10.2139/ssrn.3959316

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents