Bluetooth Reconnection Flaw Could Lead to Spoofing Attacks
08-11-2020
Professors Antonio Bianchi, Dave (Jing) Tian, and Dongyan Xu, with researchers Jianliang Wu, Yuhong Nan, and Vireshwar Kumar from Purdue Computer Science and Mathias Payer of EPFL, recently discovered a vulnerability that affects many IoT devices running Bluetooth Low Energy (BLE).
On August 11, 2020, the team's paper describing their findings won the Best Paper Award from the 14th USENIX Workshop on Offensive Technologies (WOOT'20).
The research centers on the routine reconnection process of BLE devices. The researchers named their discovery BLESA, for BLE Spoofing Attack, and conclude that the vulnerability can potentially affect more than 1 billion BLE devices and 16,000 BLE apps. The number of BLE users is predicted to be massive: the market was valued at $4.55 billion in 2016 and is expected to reach $5.34 billion by 2023.
(Blesa Demo: Attack against a fitness tracker.)
BLE devices rely on pairing, a critical procedure, to build trust between two devices when they connect for the first time. Once paired, the reconnections between BLE devices are often transparent to the user. The vulnerability lies in the reconnection procedures for previously paired BLE devices. And reconnections happen frequently in typical usage scenarios, said Jianliang Wu, a PhD student from the PurSec Lab at Purdue's Department of Computer Science and one of the lead researchers on the project.
Bluetooth devices often move out of range and then move back into range again later, re-establishing a connection with a previously paired device. All of this goes on without user notification. The research centers on this reconnection process.
“We were intrigued by the fact that the researchers in the prior art had focused on analyzing the security of the one-time pairing procedure, but they had completely overlooked the reconnection procedure between two already paired BLE devices,” said Wu. “We strived to investigate the reconnection procedure for potential security flaws. In our research, we first theoretically analyzed the reconnection procedure by carrying out the formal verification of the connection procedures proposed in the most recent BLE specification.”
The researchers’ analysis revealed two critical design weaknesses of BLE:
- For some BLE devices, the authentication during the device reconnection is optional instead of mandatory.
- For other BLE devices, the authentication can potentially be circumvented if the user’s device fails to enforce the IoT device to authenticate the communicated data.
After discovering the design weaknesses in the BLE specification, the researchers analyzed mainstream BLE stack implementations, including BLE protocol stacks on Linux, Android, iOS and Windows to see if “real-world devices” were vulnerable to the security flaws. Three of the devices tested were determined to be vulnerable because they failed to ensure the connecting IoT device authenticated its data and accepted unauthenticated data.
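The two weaknesses above can be seen in a toy model of a central's reconnection policy. This is an added illustration, not the researchers' code or any real BLE stack: the link-layer encryption start is replaced by an HMAC challenge over the stored long-term key (LTK), and the Peripheral and Central classes, the address and the payloads are constructed for the example.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Peripheral:
    """A BLE peripheral as seen by the central: address, bond key, data."""
    addr: str
    ltk: Optional[bytes]   # None: the peer holds no key for this bond
    data: bytes            # constructed sample characteristic value

    def answer_encryption(self, nonce: bytes) -> Optional[bytes]:
        # Simplified stand-in for the link-layer encryption start (real BLE
        # uses LL_ENC_REQ/LL_ENC_RSP and AES-CCM, not HMAC). A peer without
        # the long-term key cannot complete it and stays in plaintext.
        if self.ltk is None:
            return None
        return hmac.new(self.ltk, nonce, hashlib.sha256).digest()


@dataclass
class Central:
    bonds: dict = field(default_factory=dict)   # addr -> LTK stored at pairing
    enforce_encryption: bool = True             # False models the weak behaviour

    def reconnect(self, peer: Peripheral) -> Tuple[str, str]:
        ltk = self.bonds.get(peer.addr)
        if ltk is None:
            return ("rejected", "unknown device, pairing required")
        nonce = os.urandom(16)
        expected = hmac.new(ltk, nonce, hashlib.sha256).digest()
        answer = peer.answer_encryption(nonce)
        if answer is not None and hmac.compare_digest(answer, expected):
            return ("accepted", peer.data.decode())
        if self.enforce_encryption:
            # Hardened policy: a bonded address that cannot re-establish
            # encryption is treated as untrusted and its data is dropped.
            return ("rejected", "bonded device failed to encrypt the link")
        # Weakness described above: authentication on reconnection is
        # optional, so the central falls back to accepting plaintext data.
        return ("accepted", peer.data.decode())
```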
“This vulnerability has a broad impact on mainstream platforms that support BLE communications, including Linux, Android and iOS,” said Wu. “According to a recent study, more than 1 billion BLE devices do not use application-layer security, which could have provided a second line of defense. At least 8,000 Android BLE apps with 2.38 billion installations read data from BLE devices in plaintext. Similar numbers may apply to iOS apps.”
Platform | OS and Version | BLE Stack implementation
---|---|---
Google Pixel XL | Android 8.1, 9, 10 | Fluoride
Apple iPhone 8 | iOS 12.1, 12.4, 13.3 | iOS BLE stack
Linux Laptop | Ubuntu 18.04 | BlueZ 5.48
The researchers have reported the findings to Google and Apple, and both confirmed the flaw. Apple assigned CVE-2020-9770 to the vulnerability. The results of the research will be presented at the 14th USENIX Workshop on Offensive Technologies (WOOT 2020) in August 2020.
Avoiding Exploit
How would this play out as an exploit? Wu said an attacker could launch a spoofing attack and impersonate the IoT device, forge malicious data corresponding to the IoT device and feed the forged data to the user’s device.
“Specifically, the design weakness and vulnerabilities allow the attacker to bypass the authentication in BLE reconnections, which can lead to spoofing attacks against the user’s devices,” he said. “In fact, the attacker can easily impersonate all IoT devices’ data that are not protected by application-level authentication.”
That could lead to several scenarios, according to the researchers. For example, malicious keystrokes could be injected into the smartphone or desktop when it reconnects to a BLE keyboard. Or a fake glucose level value can be injected into the smartphone while the user reads data from a BLE glucose monitor. Fake fitness data can be delivered to the user's device when it reconnects to a fitness tracker.
To prevent this, both the BLE specification and the current BLE stack implementations in Linux, Android and iOS need to be updated to secure the reconnection procedure. Users should install the most recent version of the firmware to apply the required security patches to fix the vulnerabilities. Apple has fixed the issue in iOS 13.4 and iPadOS 13.4.
BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy
Jianliang Wu*, Yuhong Nan*, Vireshwar Kumar*, Dave (Jing) Tian*, Antonio Bianchi*, Mathias Payer**, Dongyan Xu*
*Purdue University
**École polytechnique fédérale de Lausanne
Abstract
The Bluetooth Low Energy (BLE) protocol is ubiquitously utilized to facilitate energy-efficient wireless communication among resource-constrained devices. To ease its adoption, BLE requires limited or no user interaction to establish a connection between two devices. Unfortunately, this simplicity is the root cause of several security issues.
In this paper, we studied, in particular, the security of the BLE link layer, focusing on the scenario in which two previously-connected devices reconnect. Our study started with a formal analysis of the reconnection procedure defined by the BLE specification. This analysis highlighted two critical security weaknesses in the specification. As a result, even a device implementing the BLE protocol correctly may be vulnerable to spoofing attacks.
To demonstrate these design weaknesses, and further study their security implications, we developed BLE Spoofing Attacks (BLESA) which enable an attacker to impersonate a BLE device and to provide spoofed data to another previously-paired device. BLESA can be easily carried out against some implementations of the BLE protocol, such as the one used in Linux. For BLE stack implementations in Android and iOS, we found another logic bug enabling BLESA. We reported this security issue to the affected parties (Google and Apple), and they acknowledged our findings.
Parts of this article appeared in Security Boulevard.