Denial of Service Attack On Bluetooth Low Energy: September 2016
Peter Gullberg, Thales Group
All content following this page was uploaded by Peter Gullberg on 23 May 2017.
Figure 1 Air interface packet

2.3 Packet interface format

The PDU in the air packet from Figure 1 is split into Header and Payload, as shown in Figure 2.

Figure 2 Advertising PDU

The Header from Figure 2 is explained in Figure 3, and consists of a PDU_Type, four reserved bits (RFU), TxAdd and RxAdd, which define whether the corresponding address is public or random, and then a 6 bit length field that defines the length of the payload.

BLE supports a feature that prevents an observer from tracking a device. This is done by using a private address that is changed on a frequent basis. To resolve a private address, the other device needs to use the Identity Resolving Key (IRK) that is part of the Long Term Key. The resolvable private address is the concatenation of a hash value, a random value (prand), and two bits that indicate that it is a resolvable private address. The hash value is calculated as a hash of the IRK and prand:

hash = ah(IRK, prand)

2.6 Advertisement indication

Advertising is the mechanism that enables the slave to be found by the master, and is the first step in the process of connecting with each other. The advertisement indication is a notification sent from the slave to the master that the slave is ready to be connected with. The payload contains the advertisement address (AdvA); this is needed as the advertisement is sent with the broadcast access address, which has the value 0x8E89BED6. The advertisement data is optional and contains information about the device.
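The address-resolution step described above is the check a slave holding the IRK can run on an incoming resolvable private address, and it is the "real-time resolving" that later sections identify as missing on some chipsets. The following program is an added example, not code from the paper or from Project Ubertooth: it implements ah(k, r) as AES-128 of the zero-padded prand under the IRK truncated to 24 bits, as defined in the Bluetooth Core Specification, and verifies an address by recomputing the hash. The IRK and prand are the sample values from the Core Specification's test data; the 48-bit address layout used here (prand in the upper 24 bits, hash in the lower 24, written MSB first), the helper names and the bonded-IRK lookup are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"fmt"
)

// Added example, not code from the paper. It implements the resolvable private
// address check from the Bluetooth Core Specification (Vol 3, Part H, 2.2.2/2.2.3)
// that a peripheral with a stored IRK can perform before accepting a peer.

// ah computes the random address hash ah(k, r) = e(k, r') mod 2^24, where e is
// AES-128 encryption and r' is the 24-bit prand zero-padded to 128 bits.
func ah(irk [16]byte, prand uint32) uint32 {
	var rPrime [16]byte
	rPrime[13] = byte(prand >> 16)
	rPrime[14] = byte(prand >> 8)
	rPrime[15] = byte(prand)
	block, err := aes.NewCipher(irk[:])
	if err != nil {
		panic(err) // a 16-byte key is always valid for AES-128
	}
	var out [16]byte
	block.Encrypt(out[:], rPrime[:])
	return uint32(out[13])<<16 | uint32(out[14])<<8 | uint32(out[15])
}

// Address layout assumed here: a 48-bit value written MSB first, i.e. prand
// (24 bits, top two bits 0b01) followed by hash (24 bits).

// isResolvable reports whether the two most significant bits mark the address
// as a resolvable private address (the "two bits" the section above refers to).
func isResolvable(addr uint64) bool {
	return (addr>>46)&0x3 == 0x1
}

// resolve recomputes the hash from the prand half of addr with the given IRK
// and compares it with the hash half. A match means the peer holds this IRK.
func resolve(addr uint64, irk [16]byte) bool {
	if !isResolvable(addr) {
		return false
	}
	prand := uint32((addr >> 24) & 0xFFFFFF)
	hash := uint32(addr & 0xFFFFFF)
	return ah(irk, prand) == hash
}

// resolveAgainstBonded is the white-list style check a peripheral can run on a
// connect request: try every stored IRK and return the index of the match.
func resolveAgainstBonded(addr uint64, irks [][16]byte) (int, bool) {
	for i, irk := range irks {
		if resolve(addr, irk) {
			return i, true
		}
	}
	return -1, false
}

// specIRK and specPrand are the sample data from the Core Specification
// (Vol 3, Part H, D.7); the expected hash there is 0x0dfbaa.
var specIRK = [16]byte{0xec, 0x02, 0x34, 0xa3, 0x57, 0xc8, 0xad, 0x05,
	0x34, 0x10, 0x10, 0xa6, 0x0a, 0x39, 0x7d, 0x9b}

const specPrand = 0x708194

func main() {
	h := ah(specIRK, specPrand)
	addr := uint64(specPrand)<<24 | uint64(h)
	fmt.Printf("ah = %06x, resolvable private address = %012x\n", h, addr)
	var unknownIRK [16]byte // constructed: IRK of a peer we never bonded with
	idx, ok := resolveAgainstBonded(addr, [][16]byte{unknownIRK, specIRK})
	fmt.Println("matched bonded IRK index:", idx, ok)
}
```

Over the air the six address bytes are sent least significant byte first, so a sniffer shows the hash bytes before the prand bytes; the check itself is the same once the value is reassembled.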
Figure 12 Data-flow-diagram (master and slave: authentication, Long Term Key, encrypted data communication)

We start by doing a data-flow-diagram as seen in Figure 12. We analyze the trust levels, data flow and show the functions of the BLE connection setup mechanism. On the right side you have the master, and on the left side you have the slave. The red horizontal line

4.3 Denial of Service identification

Based on the findings from the threat modeling in the previous section, we continue to investigate the ability of the attacker to impersonate a master and perform a denial of service attack on the protocol level, blocking the legitimate entities from communicating with each other by impersonating the master and connecting to the slave.

As we explained earlier, if we use a private resolvable address, the slave cannot distinguish between our malicious master and a legitimate master in this first step.

At this point we could start to communicate with the slave, and stall the authentication process to prevent the slave from understanding that we are not the right master. This would require us to have one malicious BLE master for each slave we want to block.

5. The exploit

To develop the exploit, we decided to use Project Ubertooth [3] and the Ubertooth One hardware, where we based our work on version ubertooth-2014-02-R1. For our experimentation we purchased the Ubertooth One at an online web-store for less than 100€ and received the package the day after.

5.1 Project Ubertooth

Project Ubertooth is a 2.4 GHz wireless development platform intended for Bluetooth experimentation that supports both Bluetooth classic and Bluetooth Low Energy.

It is open source and contains everything required to build the full Bluetooth experimentation platform. All parts, including software, firmware, schematics, pcb-layout and bill of material, are freely downloadable from the Ubertooth web-site; even the development tool chain is freely available.

The platform allows monitoring and following both Bluetooth classic and Bluetooth Low Energy connections. As every part is open source, it also allows us to develop our own exploit.

5.1.1 Ubertooth One hardware

The Ubertooth One hardware contains an LPC1756 ARM Cortex-M3 microcontroller [14], which also contains a full speed USB interface that interfaces with the PC. The CPU runs with an internal PLL that enables the CPU to operate at up to 100MHz. The wireless transceiver is a 2.4GHz transceiver CC2400 [15] with a 16MHz crystal, and connects to an analog RF front end CC2591 that is able to boost the output signal to +22dBm. The RF output is through an RP-SMA connector, where you can attach your antenna. In our case we use a rubber duck antenna with 2.2dBi.

Figure 15 Denial of service process flow (receive ADV_IND, wait T_IFS, send CONNECT_REQ)

In the CONNECT_REQ we specify a high connection interval. The slave will then have to wait 6*connInterval before the connection fails. When the connection fails, the slave may go to sleep or retry advertising.

5.3 Implementing the exploit

The Ubertooth One firmware implements the main parts of the low-level Bluetooth handling in the file bluetooth_rxtx.c. We based our development on the code that handles the BLE follow mode.

One of the first modifications was to implement precise timing to control the time between the packets we receive and the packets we send. To get this timing, we use the CLK100NS clock macro, which gives us a timer with a granularity of 100ns, although the overall timing precision is less than that.

The function bt_le_sync() searches for BLE packets and feeds them to the PC. This is done by first looking for a valid preamble and the access address. It then continues to receive the data. After it has finished receiving the data, it sets the timer T_IFS, and then performs de-whitening and verifies the crc checksum. If the crc is correct, the function calls the packet callback handler and then transmits the packet to the PC. After this it continues to search for more BLE packets.

We modified this to call our own callback handler that generates the connect request and transmits the connect request block.

In our packet handler, we check that it is an advertisement indication; if not, we stop processing. After that we extract the relevant parameters, such as AdvA, and then construct a connect request containing the extracted parameters, including predefined default values, and call le_transmit() to broadcast the connect request in response to the advertising indication.

We modified le_transmit() to wait until the T_IFS timeout before we start sending the packet.

We also optimized some parts of the implementation, as all the processing from receiving the packet to the start of transmission was not fast enough.

5.3.1 Compiling and loading the exploit

We compile the firmware by simply typing "make". Project Ubertooth has conveniently prepared all the make files.

We then sign the compiled binary using the ubertooth-dfu tool:

ubertooth-dfu --sign bluetooth_rxtx

This creates the pdu file that we can load to the target, which is the Ubertooth One. We do this with the command:

ubertooth-dfu --write bluetooth_rxtx --detach

Now that we have loaded the firmware to the target, the Ubertooth One is ready for exploitation.

6. Exploitation

6.1 Exploitation setup

In order to test the exploit, we set up a test scenario.

For the malicious master, we use the Ubertooth One with the exploit that we detailed in the previous section. We configure the malicious master to use channel 37 and to reply to any ADV_IND with a CONNECT_REQ, with the connInterval parameter set to 400ms. As we do not follow the slave into the connection state, we expect that the slave will lose the connection after 6 x connInterval, which is 2.4 seconds. The exploit returns all BLE packets it detects.

For the slave, we use a standalone evaluation board, see Figure 16. The slave device uses a CC2541 chipset and contains two buttons and a small coin cell battery. The firmware running inside the slave is a small test application. The application starts advertising as soon as the right button is pressed once. Pressing the button again will stop advertisement. If the application loses the connection it will restart advertising. To visually distinguish between the advertising state and the connected state, we connect a LED to the board. The LED blinks each time the device advertises. The advertising interval is set to 100ms.

For protocol analysis of BLE, we use the Texas Instruments SmartRF Packet Sniffer together with a USB dongle using a CC2541 BLE chip (not shown). We configure the protocol analyzer to capture channel 37 and to not follow connections. After that we start the protocol analyzer to capture packets.

We start the malicious master (Ubertooth One) with the following command line:

ubertooth-btle -f

This command starts the denial of service exploit.

6.2 Exploitation test

The test starts by pressing the right button on the slave device. We notice a short blink that repeats itself over and over again. We let the slave run for approximately one minute, and then stop the test by pressing the button again. We then stop the protocol trace and save the recorded data.

7. Analysis

7.1 Analyzing the test result

Looking at the recorded protocol trace in Figure 17, we see the advertising event in packet number 15, and the corresponding connect request from the master in packet number 16. After that there is a delta time of +2,554,556µs before we see the next packet, which is another advertising indication. This matches well with the expected link loss timeout of 2.4 seconds and a 100ms advertising interval. After this, we see that the malicious master repeats and sends a connect request to each advertising indication.
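The pattern read off the sniffer trace in 7.1 (ADV_IND, CONNECT_REQ about T_IFS later, roughly 6 × connInterval of silence, then the same AdvA advertising again) is also what a monitoring sniffer on an advertising channel can look for to spot a peripheral being held in this stalled state. The following program is an added example, not code from the paper or from Project Ubertooth: it parses the two-byte advertising header from section 2.3, walks a sequence of decoded link-layer events and counts, per advertiser, connect requests that are followed only by a fresh ADV_IND one supervision window later. The event structure, addresses, timings and the 10% tolerance are constructed for the example and mirror the 400 ms interval, 150 µs T_IFS and 2,554,556 µs gap reported above.

```go
package main

import (
	"fmt"
	"sort"
)

// Added example, not code from the paper. Detection logic for the stalled
// connect pattern seen in the sniffer trace of section 7.1.

// PDU types of the advertising channel header (Core Spec Vol 6, Part B, 2.3).
const (
	pduAdvInd     = 0x0
	pduConnectReq = 0x5
)

// Header is the two-byte advertising PDU header described in section 2.3.
type Header struct {
	PDUType byte
	TxAdd   bool
	RxAdd   bool
	Length  byte
}

// parseHeader decodes byte 0 (PDU type in the low nibble, TxAdd in bit 6,
// RxAdd in bit 7) and byte 1 (6-bit payload length).
func parseHeader(b0, b1 byte) Header {
	return Header{
		PDUType: b0 & 0x0F,
		TxAdd:   b0&0x40 != 0,
		RxAdd:   b0&0x80 != 0,
		Length:  b1 & 0x3F,
	}
}

// Event is one decoded packet from a sniffer trace; the layout is an
// assumption of this example, not a sniffer's real export format.
type Event struct {
	TimeUs            int64
	Hdr               Header
	AdvA              string // advertiser address as printed by the sniffer
	ConnIntervalUnits uint16 // CONNECT_REQ only, in units of 1.25 ms
}

// stallWindowUs is how long the slave waits for the first data packet before
// it declares the link lost: 6 * connInterval (400 ms in section 6.1 -> 2.4 s).
func stallWindowUs(intervalUnits uint16) int64 {
	return 6 * int64(intervalUnits) * 1250
}

// detectStalledConnects counts, per AdvA, connect requests after which the
// same advertiser is next seen advertising again roughly one supervision
// window later. The sniffer is assumed not to follow connections, so a fresh
// ADV_IND at that delay is the sign that the initiator never followed through.
func detectStalledConnects(trace []Event, tolerance float64) map[string]int {
	counts := map[string]int{}
	pending := map[string]int{} // AdvA -> index of its last CONNECT_REQ
	for i, ev := range trace {
		switch ev.Hdr.PDUType {
		case pduConnectReq:
			pending[ev.AdvA] = i
		case pduAdvInd:
			j, ok := pending[ev.AdvA]
			if !ok {
				continue
			}
			delete(pending, ev.AdvA)
			req := trace[j]
			window := float64(stallWindowUs(req.ConnIntervalUnits))
			gap := float64(ev.TimeUs - req.TimeUs)
			if gap >= window && gap <= window*(1+tolerance) {
				counts[ev.AdvA]++
			}
		}
	}
	return counts
}

// flagStalled returns the advertisers whose stalled-connect count reached
// the threshold, sorted for stable output.
func flagStalled(counts map[string]int, threshold int) []string {
	var hits []string
	for adva, n := range counts {
		if n >= threshold {
			hits = append(hits, adva)
		}
	}
	sort.Strings(hits)
	return hits
}

// constructedTrace mimics Figure 17: one peripheral advertises, gets a
// CONNECT_REQ with connInterval 320 units (400 ms) 150 us later, goes silent,
// and re-advertises about 2.55 s later, five times over; a second peripheral
// advertises every 100 ms and is never contacted.
func constructedTrace() []Event {
	adv := parseHeader(0x40, 0x0C) // ADV_IND, random AdvA, 12-byte payload
	req := parseHeader(0x45, 0x22) // CONNECT_REQ, random InitA, 34-byte payload
	var tr []Event
	t := int64(1_000_000)
	for cycle := 0; cycle < 5; cycle++ {
		tr = append(tr, Event{TimeUs: t, Hdr: adv, AdvA: "c0:ff:ee:00:00:01"})
		tr = append(tr, Event{TimeUs: t + 150, Hdr: req, AdvA: "c0:ff:ee:00:00:01", ConnIntervalUnits: 320})
		t += 2_554_556
	}
	for k := int64(0); k < 10; k++ {
		tr = append(tr, Event{TimeUs: 1_000_000 + k*100_000, Hdr: adv, AdvA: "c0:ff:ee:00:00:02"})
	}
	return tr
}

func main() {
	counts := detectStalledConnects(constructedTrace(), 0.1)
	fmt.Println("stalled connects per advertiser:", counts)
	fmt.Println("flagged:", flagStalled(counts, 3))
}
```

A real deployment would take its events from a sniffer that captures all three advertising channels, since a peripheral hopping between 37, 38 and 39 will otherwise only be seen on one of them.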
7.2 Attack rating using Common Criteria

Based on the exploit, we estimate the attack rating for both the identification and the exploitation phase.

It is normally more complex to identify and develop the attack than it is to exploit it; therefore the identification of an exploit and the actual exploitation are separated with individual ratings.

Elapsed time: to identify and develop the exploit requires us to spend more than 1 month of work. The exploitation can be performed in less than 0.5 hour.

Expertise: we estimate that the expertise level required for identification is expert, while the exploitation can be performed by a layman.

Knowledge of TOE: the identification requires only public information. Exploitation requires no knowledge of the TOE.

Access to TOE: we can use any TOE for the identification. For the exploitation, our exploit can be hidden in any place in the vicinity of the TOE, meaning we can go undetected.

Equipment: the Ubertooth One is considered standard equipment, as it can be bought from several online stores and even built from information downloadable from the internet.

We summarize the criteria for the identification and the exploitation phase in Table 2.

Table 2 Attack rating

The total point score of this attack is 18 for identification and 2 for exploitation.

7.3 Estimating the success rate

In our experiment we performed a test using one malicious master running on channel 37.

We want to estimate the theoretical success rate of the denial of service attack when using three malicious masters, one for each channel. In order to do this, we need to make a number of assumptions.

7.3.1 Assumptions

To be fair, we assume favorable settings for the master in order to maximize its possibility to successfully connect with the slave.

In our fairness to the master, we assume the master uses scanWindow = scanInterval = 100ms. We then use a slave advertising interval of 100ms, where the slave must advertise in all channels within those 100ms. In such a scenario, we assume the master is able to find the slave within one scanInterval. For simplification, we ignore the scenarios where a slave sends an advertisement that overlaps two scan windows.

Further, the assumption is that we have three malicious masters running the exploit, one on each advertising channel 37, 38 and 39.

In addition, we assume that our malicious masters and the slave are in range (vicinity), and that the malicious masters are able to respond to all advertisements that they receive in their respective channel.

We also take into account jamming, where we assume two extremes: either we can successfully jam or we cannot jam. If we can successfully jam, it might be that the malicious master is strong enough to even win. This means that the malicious master needs to be significantly closer than the master to the slave.

In any given instance the master will be listening in one slot out of three, and at the same given time the malicious masters will be listening in all three slots.

Figure 19 CONNECT_REQ

Further, we assume that the slave is incapable of using the white list with resolvable private addresses. Further, we take as an assumption that when the slave receives a connect request it will immediately stop advertising and enter the connection state.

7.3.2 Estimations

Based on the assumptions above, we estimate the theoretical denial of service success rate.

For each transmitted advertisement indication sent by the slave, the master has on average a 33% chance of receiving the advertisement, as the master at any given time only listens to one advertisement channel. The three malicious masters, on the other hand, together have a 100% chance of receiving the same advertisement.

In the case that we cannot jam the master, our malicious masters can theoretically reach a denial of service success rate of 67%.

In the case that we can jam the master, we can theoretically reach a 100% success rate. In 67% of the cases, as detailed above, we successfully connect immediately, but for the remaining 33%, our malicious master will send a packet that jams the master, resulting in the slave not responding. If the master fails to receive a response from the slave twice, the master must do the back-off procedure, and will not be allowed to respond to the slave on subsequent advertisements. In the subsequent advertisement our malicious masters can send a successful connect request.

8. Discussion

In this exploit the attacker sends a connect request that stalls the communication on the slave until the Link Layer Connection Supervision timer expires. In our experiment we used a timeout of 2.4 seconds, but the BLE specification allows us to extend it to 24 seconds. Our result demonstrates that it is possible to impersonate a master.

In addition we discovered that certain BLE chips are unable to use the white list and resolve the private address in real time. This greatly simplifies the attack vector, as we do not need to know the master's initiator address (InitA) in advance, before connecting to the slave.

The BLE specification defines that the master should only listen in one advertisement channel at a time. As the master and the slave are not synchronized, this means that the slave will on average have to send three advertisements before the master receives one. This gives the attacker an advantage over the master, as he can listen on all three advertisement channels at the same time. The attacker can send a connect request to the slave and reach a theoretical success rate of 67%, even if the attacker is unable to jam the master.

Our experiment was limited to one malicious master in channel 37. Since the exploit operates independently in each channel, it would require very little effort to scale up the attack to cover all three channels.

If the attacker in addition is able to jam the master, the attacker can theoretically reach 100% denial of service, as the master must implement the back-off procedure as defined in the BLE specifications. However, this has not been demonstrated in this paper, as we have only briefly covered signal jamming.

Although it takes a great deal of knowledge to identify the exploit, it is possible to perform the exploit using only simple means.

If the master were capable of listening in all channels simultaneously, this would reduce the attack surface. In such a case the attacker must be able to jam the master in order to succeed.

Another way to reduce the attack surface would be if the BLE chip were able to resolve the private address in real time, or if the BLE chip resolved the private address from the application layer after connection. If the address does not match the stored address, it can restart advertisement. However, this mitigation would only be effective if the attacker is unable to jam the master; as soon as the advertisement restarts, the attacker would jam the connection.

The denial of service attack can be seen as a completed attack vector or as a sub-goal. If the motivation is to do financial harm, this exploit indicates that it is possible to use this method to block communication, and thereby threaten the availability. If the motivation is financial gain, we can see this exploit as a sub-goal, where we block communication for a particular user until the point where the user initiates a new pairing between the master and the slave. By the time that happens, we may have sufficient information to do financial gain.

9. Conclusions and future work

9.1 Conclusions

One of the main findings in this paper is that we analyzed the connection setup mechanism and discovered a weakness in the BLE protocol that makes it possible for a malicious master to connect to a slave. We also discovered that some BLE chipsets do not provide real time resolving of private addresses, which makes them vulnerable to this attack.

We conducted a threat modeling with the focus on availability and denial of service of Bluetooth Low Energy. As a result of the threat modeling we identified a potential vulnerability where we can impersonate a BLE device. We developed an exploit, and demonstrated the vulnerability. Based on the exploit, we rated the effort required to identify the vulnerability and then to perform the exploitation using Common Criteria.

Our result shows that it is possible to disturb Bluetooth Low Energy on the protocol level and that it can be used to threaten the availability of a system.

The conclusion is that once an exploit has been developed, it is easy for a layman to acquire the necessary equipment and set up an attack in a short time, with an exploitation score of 2 that is considered low.

One of our conclusions is that anyone that develops systems that use Bluetooth Low Energy communication needs to consider the availability aspects of their solution, as this may not be guaranteed if the attacker has vicinity access.

9.2 Future work

Future work can be focused on establishing the success rate between a malicious master and a master.

There are several aspects of the exploit that can be enhanced. Our implementation only covers ADV_IND. Future work can be to extend the implementation to also cover other advertisement types. In case a slave can handle concurrent sessions by the same slave there might be a need to have random access addresses.

When it comes to the attack scenarios, these could be enhanced as well. We did not explore a full attack scenario, where we attack all three advertising channels at the same time. The exploit has not been tested in public space; further, the exploit has only been tested against one BLE chip. Future work could be focused on classifying different types of BLE chip.

Another direction of work would be to explore the jamming capabilities, trying to extend the jamming distance by increasing the output power, and to determine the attenuation of the BLE master in different situations, such as when a user covers the antenna with his hand.

Simplifying the acquisition of the exploit is another direction. The current exploit requires both Ubertooth One and a PC to function. To implement the same attack using off-the-shelf Bluetooth Low Energy chips would make the attack significantly easier to mount.

10. References

[1] Köppel S., 2002, Bluetooth Jamming, Bachelor's Thesis, Computer Engineering and Networks Laboratory, ETH Zurich, ftp://ftp.tik.ee.ethz.ch/pub/students/2012-HS/BA-2012-16.pdf, retrieved 204-02-10
[2] Schiphorst R., Hoeksema F., Slump K., 2002, Bluetooth demodulation algorithms and their performance, 2nd Karlsruhe Workshop on Software Radios, pp. 99-106
[3] Project Ubertooth, http://ubertooth.sourceforge.net
[4] http://www.connectblue.com/fileadmin/Connectblue/Web2006/Documents/White_papers/Industrial_Bluetooth.pdf
[5] PayPal Beacon, https://www.paypal.com/webapps/mpp/beacon, retrieved 2014-03-25
[6] Bluetooth Core 4.1 and 4.2 specification
[7] DA14580, Bluetooth Low Energy chipset, http://www.dialog-semiconductor.com/docs/site-pdf/da14580_pb.pdf, 2014-03-25
[8] Wikipedia on pathloss, http://en.wikipedia.org/wiki/Path_loss, retrieved 204-02-08
[9] Ryan M., https://www.usenix.org/sites/default/files/conference/protected-files/ryan_woot13_slides.pdf, retrieved 2014-02-08
[10] CC2541 Bluetooth Low Energy controller, www.ti.com/product/cc2541, retrieved 2014-02-08
[11] Common Methodology for Information Technology Security Evaluation, CEM 2.3
[12] Rosa T., Bypassing Passkey Authentication in Bluetooth Low Energy, IACR Cryptology ePrint Archive, DBLP:journals/iacr/Rosa1
[13] Perito D., Secure and Private Service Discovery over Low Energy Bluetooth, Square, Real World Crypto workshop, http://realworldcrypto.files.wordpress.com/2013/06/perito.pdf
[14] LPC1756 data sheet, http://www.nxp.com/documents/data_sheet/LPC1759_58_56_54_52_51.pdf, retrieved 2014-02-10
[15] CC2400 2.4GHz transceiver, http://www.ti.com/lit/ds/symlink/cc2400.pdf, SWRS042A, retrieved 2014-02-10
[16] Microsoft threat modeling, http://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx, retrieved 2014-02-18
[17] Siekkinen M., Hiienkari M., Nurminen J., Nieminen J., How Low Energy is Bluetooth Low Energy? Comparative Measurements with ZigBee/802.15.4, DOI:10.1109/WCNCW.2012.6215496