{"title":"Bluetooth Low Energy Makes “Just Works” Not Work","authors":"K. Lounis, Mohammad Zulkernine","doi":"10.1109/CSNet47905.2019.9108931","DOIUrl":null,"url":null,"abstract":"BLE (Bluetooth Low Energy) is being heavily deployed in many devices and IoT (Internet of Things) smart applications of various fields, such as medical, home automation, transportation and agriculture. It has transformed the classic Bluetooth into a technology that can be embedded into resource constrained devices running on a cell coin battery for months or years. Most BLE devices that are sold in the market use the Just Works pairing mode to establish a connection with peer devices. This mode is so lightweight that it leaves the implementation of security to application developers and device manufacturers. Unfortunately, as the market does not want to pay for security, a number of vulnerable smart devices are strolling around in the market. In this paper, we discuss how Bluetooth devices that use the Just Works pairing mode can be exploited to become nonoperational. We conduct a case study on three different Bluetooth smart devices. We show how these devices can be attacked and abused to not work properly. We also present a vulnerability that is due to the behavior of BLE smart devices and the Just Works pairing mode. This vulnerability can be exploited to generate an attack that affects BLE availability. We propose a solution to mitigate the attack.","PeriodicalId":350566,"journal":{"name":"2019 3rd Cyber Security in Networking Conference (CSNet)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 3rd Cyber Security in Networking Conference (CSNet)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSNet47905.2019.9108931","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10
Abstract
BLE (Bluetooth Low Energy) is being heavily deployed in many devices and IoT (Internet of Things) smart applications of various fields, such as medical, home automation, transportation and agriculture. It has transformed the classic Bluetooth into a technology that can be embedded into resource constrained devices running on a cell coin battery for months or years. Most BLE devices that are sold in the market use the Just Works pairing mode to establish a connection with peer devices. This mode is so lightweight that it leaves the implementation of security to application developers and device manufacturers. Unfortunately, as the market does not want to pay for security, a number of vulnerable smart devices are strolling around in the market. In this paper, we discuss how Bluetooth devices that use the Just Works pairing mode can be exploited to become nonoperational. We conduct a case study on three different Bluetooth smart devices. We show how these devices can be attacked and abused to not work properly. We also present a vulnerability that is due to the behavior of BLE smart devices and the Just Works pairing mode. This vulnerability can be exploited to generate an attack that affects BLE availability. We propose a solution to mitigate the attack.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
