Bluetooth technology has enabled short-range wireless communication for billions of devices. The Bluetooth Low-Energy (BLE) variant aims at reducing power consumption on battery-constrained devices. BLE-enabled devices broadcast information (e.g., as beacons) to nearby devices via advertisements. Unfortunately, such functionality can become a double-edged sword in the hands of attackers. In this paper, we primarily show how an attacker can exploit BLE advertisements to exfiltrate information from BLE-enabled devices. In particular, our attack establishes a communication medium between two devices without requiring any prior authentication or pairing. We develop a proof-of-concept attack framework on the Android ecosystem and assess its performance via a thorough set of experiments. Our results indicate that such an exfiltration attack is indeed possible, though with a limited data rate. Nevertheless, we also demonstrate potential use cases and enhancements to our attack that can further increase its severity. Finally, we discuss possible countermeasures to prevent such an attack.
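The abstract describes a channel in which one device encodes data into its advertisement payloads and an unpaired receiver reads them back. One defender-side observation that follows from this is that a legitimate beacon tends to re-broadcast a stable payload, whereas a sender using advertisements as a data channel must change its payload frequently. The example below, added here and not part of the paper or its attack framework, turns that observation into a simple payload-churn heuristic over a constructed scanner log. The log format (`<unix_ts> <bd_addr> <hex payload>`), the sample addresses and payloads, and the rate thresholds are all assumptions for illustration.

```python
"""Added example (not from the paper): flag BLE advertisers whose payload
changes unusually often, a crude heuristic for advertisement-based data
channels. Log format, addresses, payloads and thresholds are constructed."""
from collections import defaultdict

# Constructed scanner log (assumed format "<unix_ts> <bd_addr> <hex payload>").
# AA:... is a static beacon, BB:... changes its payload on every advertisement,
# CC:... is a beacon that changes once (e.g. a counter field rolling over).
SAMPLE_SCAN_LOG = """\
1700000000.0 AA:BB:CC:00:00:01 4c000215aabbccdd
1700000000.0 BB:BB:CC:00:00:02 ffff0001
1700000000.0 CC:BB:CC:00:00:03 0201060aff
1700000001.0 AA:BB:CC:00:00:01 4c000215aabbccdd
1700000001.0 BB:BB:CC:00:00:02 ffff0002
1700000002.0 AA:BB:CC:00:00:01 4c000215aabbccdd
1700000002.0 BB:BB:CC:00:00:02 ffff0003
1700000003.0 AA:BB:CC:00:00:01 4c000215aabbccdd
1700000003.0 BB:BB:CC:00:00:02 ffff0004
1700000004.0 AA:BB:CC:00:00:01 4c000215aabbccdd
1700000004.0 BB:BB:CC:00:00:02 ffff0005
1700000004.0 CC:BB:CC:00:00:03 0201060bff
1700000005.0 AA:BB:CC:00:00:01 4c000215aabbccdd
1700000005.0 BB:BB:CC:00:00:02 ffff0006
"""


def parse_scan_log(text):
    """Parse the assumed log format into (timestamp, address, payload_bytes)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, addr, payload_hex = line.split()
        records.append((float(ts), addr.upper(), bytes.fromhex(payload_hex)))
    return records


def distinct_payload_changes(records):
    """Per address: (number of times the payload differed from the previous
    advertisement seen from that address, observation span in seconds)."""
    last_payload = {}
    first_seen = {}
    last_seen = {}
    changes = defaultdict(int)
    for ts, addr, payload in sorted(records, key=lambda r: r[0]):
        first_seen.setdefault(addr, ts)
        last_seen[addr] = ts
        if addr in last_payload and last_payload[addr] != payload:
            changes[addr] += 1
        last_payload[addr] = payload
    return {addr: (changes[addr], last_seen[addr] - first_seen[addr])
            for addr in last_payload}


def flag_churning_senders(records, max_changes_per_sec=0.2, min_changes=3):
    """Return {address: changes_per_second} for advertisers whose payload
    churn exceeds the (assumed) threshold. min_changes suppresses beacons
    that legitimately change a field once in a while."""
    flagged = {}
    for addr, (n_changes, span) in distinct_payload_changes(records).items():
        if n_changes < min_changes:
            continue
        rate = n_changes / span if span > 0 else float("inf")
        if rate > max_changes_per_sec:
            flagged[addr] = round(rate, 3)
    return flagged


if __name__ == "__main__":
    for addr, rate in flag_churning_senders(parse_scan_log(SAMPLE_SCAN_LOG)).items():
        print(f"high advertisement payload churn from {addr}: {rate} changes/s")
```

On the constructed log only `BB:BB:CC:00:00:02` is flagged (five payload changes in five seconds), while the static beacon and the once-changing beacon pass. In practice the thresholds would need tuning against the beacon population actually present, and a sender can lower its rate to stay under any fixed threshold, which is consistent with the paper's observation that the channel's data rate is limited; the heuristic is a trade-off between channel capacity and detectability rather than a complete countermeasure.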