Discovering Vulnerabilities in Bluetooth Connections via Hijacking Attacks

Researcher(s)

  • Jack Cartwright, Computer Engineering, University of Delaware

Faculty Mentor(s)

  • Chengmo Yang, Computer Engineering, University of Delaware

Abstract

Bluetooth is a ubiquitous wireless technology used in many of our daily devices, such as wearable technology, phones, personal computers, and IoT devices. There are two separate implementations under the Bluetooth banner: Bluetooth Classic (also known as BR/EDR) and Bluetooth Low Energy (BLE). BLE, as the name suggests, aims to reduce energy consumption and extend the battery life of the device. As a result, many developers opt not to include security support, since security measures come at the cost of increased power consumption. Combined with the fact that BLE is a wireless technology, so that any Bluetooth device in range is free to listen to and interfere with the communication, this leaves BLE vulnerable.

Aiming to discover the vulnerabilities of BLE devices, our project examines whether an attacker can take advantage of these flaws to inject malicious traffic into a connection or to imitate an existing device. Our approach involves an attacker device that passively watches for new BLE connections and records the connection parameters when it sees one. It then uses this information to send a fake disconnect request to one of the devices, fooling it into thinking the connection is closed, while the other device in the connection still expects an open connection. Our research demonstrates that an attacker can use this opportunity to imitate the device that was just disconnected, so that the victim device believes it is still communicating with the disconnected device when it is actually communicating with the attacker. This attack could have severe consequences; for example, an attacker who hijacks the connection of a Bluetooth keyboard could type malicious keystrokes into a computer.
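The observable symptom of the hijack described above is an asymmetric teardown: one side is told the link is closed, yet data keeps flowing on the same connection. The following Python detector is an added example written for this page, not the authors' tooling; it flags that pattern over link-layer events as a passive observer might log them. The event shape (`LLEvent`), its field names, the `grace_ms` parameter and the sample log are all constructed assumptions.

```python
"""
Detector for the asymmetric-disconnect pattern described in the abstract.
Added, hypothetical example, not the authors' tooling: it takes link-layer
events as a passive observer might log them and flags connections on which
data keeps flowing after one side was told the link is closed. The event
shape, field names and the sample log below are all constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class LLEvent:
    t_ms: int     # time the observer saw the PDU, in milliseconds
    conn: str     # connection identifier (stand-in for the access address)
    sender: str   # "central" or "peripheral", as the PDU claims
    kind: str     # "DATA" or "TERMINATE"


@dataclass(frozen=True)
class Alert:
    conn: str
    terminate_at: int      # when the terminate was observed
    terminate_from: str    # which side it claimed to come from
    data_after: int        # DATA PDUs seen after the grace window
    last_data_from: str    # which side sent the last of them


def find_hijack_candidates(events: List[LLEvent], grace_ms: int = 50) -> List[Alert]:
    """Return one Alert per connection whose data traffic outlives a terminate.

    In a genuine teardown both sides stop using the connection once a
    terminate is exchanged. If DATA PDUs keep appearing on the same
    connection well after the terminate, one side never saw it: that is the
    state the abstract describes, where the disconnected device has been
    replaced by someone else. grace_ms absorbs in-flight PDUs that may
    legitimately trail the terminate.
    """
    by_conn: Dict[str, List[LLEvent]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.t_ms):
        by_conn[ev.conn].append(ev)

    alerts: List[Alert] = []
    for conn, evs in by_conn.items():
        term: Optional[LLEvent] = next((e for e in evs if e.kind == "TERMINATE"), None)
        if term is None:
            continue  # connection still open, nothing to judge yet
        late = [e for e in evs if e.kind == "DATA" and e.t_ms > term.t_ms + grace_ms]
        if late:
            alerts.append(Alert(conn, term.t_ms, term.sender, len(late), late[-1].sender))
    return alerts


# Constructed sample log: conn-A tears down normally, conn-B keeps carrying
# data after a terminate that claimed to come from the central.
SAMPLE_EVENTS = [
    LLEvent(100, "conn-A", "central", "DATA"),
    LLEvent(130, "conn-A", "peripheral", "DATA"),
    LLEvent(200, "conn-A", "central", "TERMINATE"),
    LLEvent(210, "conn-A", "peripheral", "DATA"),   # in-flight, inside grace window
    LLEvent(100, "conn-B", "central", "DATA"),
    LLEvent(130, "conn-B", "peripheral", "DATA"),
    LLEvent(300, "conn-B", "central", "TERMINATE"),
    LLEvent(400, "conn-B", "central", "DATA"),
    LLEvent(430, "conn-B", "peripheral", "DATA"),
    LLEvent(460, "conn-B", "peripheral", "DATA"),
]


if __name__ == "__main__":
    for a in find_hijack_candidates(SAMPLE_EVENTS):
        print(f"{a.conn}: terminate from {a.terminate_from} at {a.terminate_at} ms, "
              f"{a.data_after} DATA PDUs afterwards (last from {a.last_data_from})")
```

The heuristic only needs to see which side a terminate claims to come from and whether the connection stays busy afterwards, so it works from a sniffer's view without any key material. As a mitigation rather than a detection, pairing the devices and enabling link-layer encryption removes the precondition the abstract highlights: control traffic injected by an unauthenticated third party then fails integrity checking instead of being acted on.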