DeepAI AI Chat
Log In Sign Up

BLEWhisperer: Exploiting BLE Advertisements for Data Exfiltration

04/17/2022
by   Ankit Gangwal, et al.
Shandong University
IIIT Hyderabad
0

Bluetooth technology has enabled short-range wireless communication for billions of devices. Bluetooth Low-Energy (BLE) variant aims at improving power consumption on battery-constrained devices. BLE-enabled devices broadcast information (e.g., as beacons) to nearby devices via advertisements. Unfortunately, such functionality can become a double-edged sword at the hands of attackers. In this paper, we primarily show how an attacker can exploit BLE advertisements to exfiltrate information from BLE-enable devices. In particular, our attack establishes a communication medium between two devices without requiring any prior authentication or pairing. We develop a proof-of-concept attack framework on the Android ecosystem and assess its performance via a thorough set of experiments. Our results indicate that such an exfiltration attack is indeed possible though with a low data rate. Nevertheless, we also demonstrate potential use cases and enhancements to our attack that can further its severeness. Finally, we discuss possible countermeasures to prevent such an attack.

READ FULL TEXT

page 1

page 2

page 3

page 4

11/19/2019

Protecting RESTful IoT Devices from Battery Exhaustion DoS Attacks

Many IoT use cases involve constrained battery-powered devices offering ...
08/11/2018

Attacks Against BLE Devices by Co-located Mobile Applications

Bluetooth Low Energy (BLE) is a fast-growing wireless technology with a ...
08/14/2022

IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation

We present IPvSeeYou, a privacy attack that permits a remote and unprivi...
06/14/2018

A Memo on the Proof-of-Stake Mechanism

We analyze the economic incentives generated by the proof-of-stake mecha...
04/15/2019

Towards Realistic Battery-DoS Protection of Implantable Medical Devices

Modern Implantable Medical Devices (IMDs) feature wireless connectivity,...
01/29/2022

BatteryLab: A Collaborative Platform for Power Monitoring

Advances in cloud computing have simplified the way that both software d...