BLE injection-free attack: a novel attack on bluetooth low energy devices

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

Bluetooth low energy (BLE) is a variant of the Bluetooth technology and is commonly adopted by internet of things applications designed for devices with limited resources, which results in weak cryptographic mechanisms for creating and exchanging keys. Some attacks are based on forcing the key renegotiation of paired devices. Existing literature proposes the use of packet injection and even jamming devices to do so. This paper presents a novel technique, called the BLE injection-free attack, which aims to force the key renegotiation of devices. This technique exploits properties of the bonding list of devices and its defenses. The BLE injection-free attack enables man-in-the-middle and denial of service attacks to be carried out, depending on the BLE implementation. Our experimental results show that even when the key renegotiation cannot be forced, the functioning of the targeted device is still compromised.

Fig. 1: Adapted from (Ren 2016)

Notes

  1. Devices that broadcast a jamming signal capable of affecting larger areas are both costly (in terms of production cost and energy consumption) and easier for the legitimate user to detect.

References

  • Amiribesheli M, Benmansour A, Bouchachia A (2015) A review of smart homes in healthcare. J Ambient Intell Hum Comput 6(4):495–517

  • Brauer S, Zubow A, Zehl S, Roshandel M, Mashhadi-Sohi S (2016) On practical selective jamming of bluetooth low energy advertising. In: 2016 IEEE conference on standards for communications and networking (CSCN), Berlin, Germany, pp 1–6. https://doi.org/10.1109/CSCN.2016.7785169

  • Celebucki D, Lin MA, Graham S (2018) A security evaluation of popular internet of things protocols for manufacturers. In: 2018 IEEE international conference on consumer electronics (ICCE). IEEE, Las Vegas, NV, USA, pp 1–6

  • Chen Y, Trappe W, Martin RP (2007) Detecting and localizing wireless spoofing attacks. In: 4th Annual IEEE communications society conference on sensor, mesh and Ad Hoc communications and networks. IEEE, San Diego, CA, USA, pp 193–202

  • Dantas YG, Nigam V, Fonseca IE (2014) A selective defense for application layer DDoS attacks. JISIC 2014:75–82

  • Dham R, Madaan P (2014) The role of bluetooth low energy in wearable iot designs. https://www.embedded.com/design/connectivity/4437074/The-role-of-Bluetooth-Low-Energy-in-wearable-IoT-designs. Accessed 29 Mar 2019

  • Grover K, Lim A, Yang Q (2014) Jamming and anti-jamming techniques in wireless networks: a survey. Int J Ad Hoc Ubiquitous Comput 17(4):197–215

  • Grover M, Pardeshi SK, Singh N, Kumar S (2015) Bluetooth low energy for industrial automation. In: 2015 2nd international conference on electronics and communication systems (ICECS). IEEE, Piscataway, NJ, USA, pp 512–515

  • Gu T, Mohapatra P (2018) BF-IOT: securing the IOT networks via fingerprinting-based device authentication. In: 2018 IEEE 15th international conference on mobile ad hoc and sensor systems (MASS). IEEE, Chengdu, China, pp 254–262

  • Ho G, Leung D, Mishra P, Hosseini A, Song D, Wagner D (2016) Smart locks: lessons for securing commodity internet of things devices. In: Proceedings of the 11th ACM on Asia conference on computer and communications security, ACM, Xi'an, China, pp 461–472

  • Jasek S (2016) Gattacking bluetooth smart devices. In: Black hat USA conference 2016, Las Vegas, NV, USA

  • Langone M, Setola R, Lopez J (2017) Cybersecurity of wearable devices: an experimental analysis and a vulnerability assessment method. In: 2017 IEEE 41st annual computer software and applications conference (COMPSAC), vol 2. IEEE, Torino, Italy, pp 304–309

  • Lemos MO, Dantas YG, Fonseca I, Nigam V, Sampaio G (2016) A selective defense for mitigating coordinated call attacks. In: 34th Brazilian symposium on computer networks and distributed systems (SBRC), Salvador, BA, Brazil

  • Lodeiro-Santiago M, Santos-González I, Caballero-Gil P et al (2017) Secure system based on UAV and BLE for improving SAR missions. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-017-0603-4

  • Lonzetta A, Cope P, Campbell J, Mohd B, Hayajneh T (2018) Security vulnerabilities in bluetooth technology as used in IOT. J Sens Actuator Netw 7(3):28

  • O’Sullivan H (2015) Security vulnerabilities of bluetooth low energy technology (BLE). Tufts University

  • Padgette J, Bahr J, Batra M, Holtmann M, Smithbey R, Chen L, Scarfone K (2017) Guide to bluetooth security. NIST Spec Publ 800:121

  • Qu Y, Chan P (2016) Assessing vulnerabilities in bluetooth low energy (BLE) wireless network based IOT systems. In: 2016 IEEE 2nd international conference on big data security on cloud (BigDataSecurity), IEEE international conference on high performance and smart computing (HPSC), and IEEE international conference on intelligent data and security (IDS). IEEE, New York, USA, pp 42–48

  • Ray A, Raj V, Oriol M, Monot A, Obermeier S (2018) Bluetooth low energy devices security testing framework. In: 2018 IEEE 11th international conference on software testing, verification and validation (ICST). IEEE, Västerås, Sweden, pp 384–393

  • Reaves B, Morris T (2012) Analysis and mitigation of vulnerabilities in short-range wireless communications for industrial control systems. Int J Crit Infrastruct Prot 5(3–4):154–174

  • Ren K (2016) Bluetooth pairing part 1 pairing feature exchange. https://blog.bluetooth.com/bluetooth-pairing-part-1-pairing-feature-exchange. Accessed 29 Mar 2019

  • Ritesh KV, Manolova A, Nenova M (2017) Abridgment of bluetooth low energy (ble) standard and its numerous susceptibilities for internet of things and its applications. In: 2017 IEEE international conference on microwaves, antennas, communications and electronic systems (COMCAS). IEEE, Tel Aviv, Israel, pp 1–5

  • Rosa T (2013) Bypassing passkey authentication in bluetooth low energy. IACR Cryptol ePrint Arch 2013:309

  • Rose A, Ramsey B (2016) Picking bluetooth low energy locks from a quarter mile away. DEF CON 24. https://www.youtube.com/watch?v=8h9nbMB1eTE. Accessed 29 Mar 2019

  • Ryan M (2013) Bluetooth: with low energy comes low security. In: Presented as part of the 7th USENIX workshop on offensive technologies, Washington, DC, USA

  • Whitehouse O et al (2003) War nibbling: bluetooth insecurity. White paper, @stake Inc

  • Zhang Q, Liang Z (2017) Security analysis of bluetooth low energy based smart wristbands. In: 2017 2nd international conference on frontiers of sensors technologies (ICFST). IEEE, Shenzhen, China, pp 421–425

Correspondence to Aellison C. T. Santos.

Cite this article

Santos, A.C.T., Filho, J.L.S., Silva, Á.Í.S. et al. BLE injection-free attack: a novel attack on bluetooth low energy devices. J Ambient Intell Human Comput 14, 5749–5759 (2023). https://doi.org/10.1007/s12652-019-01502-z

  • DOI: https://doi.org/10.1007/s12652-019-01502-z
