gattacker: Bluetooth Low Energy security assessment
Bluetooth Low Energy incorporates device pairing and link-layer encryption. However, a significant number of devices do not implement these features: they either provide no transmission security at all or implement it by their own means at the application layer. The vendors promise “128-bit military grade encryption” and an “unprecedented level of security” without being willing to share technical details. We have seen such declarations before, and many times they did not withstand professional, independent evaluation and turned out to be “snake oil” security. It is about time to verify these claims, which is now possible with the help of our new open-source tool.
Such devices can be attacked in various ways, starting from simple denial of service, through spoofing and passive and active transmission interception, up to the abuse of excessive and improperly configured device services. In effect, the attacks can result, among other things, in:
- disrupting functionality (Denial of Service), e.g. you cannot control your smart home, open a smart lock, or use a smart Point-of-Sale device
- spoofing (false indications, disabling alarms)
- interception of data (e.g. personal information, authentication data, etc.)
- taking control over the device (e.g. opening a smart lock, operating smart home devices)
- …
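A check in the spirit of the assessment described above, added here as an example and not part of gattacker: it audits a constructed GATT characteristic table and maps each characteristic reachable without pairing to the attack class it exposes (the `Characteristic` model, the sample UUIDs and the `EXPOSURE` mapping are assumptions made for this example).

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

@dataclass(frozen=True)
class Characteristic:
    uuid: str
    properties: FrozenSet[str]  # subset of {"read", "write", "notify", "indicate"}
    security: str               # link-layer requirement: "none", "encrypted" or "authenticated"

# Constructed sample table (not a dump from a real device), one entry per finding class.
# 0xFF01..0xFF05 are arbitrary 16-bit UUIDs expanded with the Bluetooth base UUID.
SAMPLE_TABLE: List[Characteristic] = [
    Characteristic("0000ff01-0000-1000-8000-00805f9b34fb", frozenset({"read"}), "none"),
    Characteristic("0000ff02-0000-1000-8000-00805f9b34fb", frozenset({"write"}), "none"),
    Characteristic("0000ff03-0000-1000-8000-00805f9b34fb", frozenset({"notify"}), "none"),
    Characteristic("0000ff04-0000-1000-8000-00805f9b34fb", frozenset({"read", "write"}), "authenticated"),
    Characteristic("0000ff05-0000-1000-8000-00805f9b34fb", frozenset({"read", "write", "notify"}), "none"),
]

# Attack class exposed by each ATT operation when the link enforces no pairing (assumed mapping).
EXPOSURE = {
    "write": "spoofing",        # any nearby central can send commands or change device state
    "read": "disclosure",       # stored data is readable by any nearby central
    "notify": "interception",   # updates sent in the clear can be sniffed passively
    "indicate": "interception",
}

def audit(table: List[Characteristic]) -> Dict[str, List[str]]:
    """Return {uuid: sorted attack classes} for characteristics reachable without pairing.

    Characteristics whose link requires encryption or authentication are skipped:
    they rely on the pairing features whose absence this check is looking for."""
    findings: Dict[str, List[str]] = {}
    for c in table:
        if c.security != "none":
            continue
        classes = sorted({EXPOSURE[p] for p in c.properties if p in EXPOSURE})
        if classes:
            findings[c.uuid] = classes
    return findings

def report(table: List[Characteristic]) -> List[str]:
    """One human-readable line per finding, for inclusion in an assessment report."""
    return [f"{uuid}: exposed to {', '.join(classes)} (no pairing required)"
            for uuid, classes in audit(table).items()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_TABLE)))
```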
The attack is most effective against devices that do not implement Bluetooth security features (pairing). We have examined a handful of devices, including:
- smart watches,
- authentication tokens,
- mobile point-of-sale,
- smart locks,
- anti-theft solutions,
- home automation,
- smart finders,
- sensors,
- beacons,
- various gadgets.
Copyright (c) 2016 Slawomir Jasek, SecuRing <slawomir.jasek@securing.pl>