Protecting UUID in Bluetooth Low Energy (from Sniffing and Fingerprinting)
T2019-377 A method for mitigating the BLE vulnerability in an IoT device that protects UUIDs from being harvested and reverse engineered
Universally Unique Identifiers (UUIDs) in Bluetooth Low Energy (BLE) devices are vital for nearby smartphone applications to discover them. BLE is also increasingly used by Internet of Things (IoT) devices in areas such as transportation, healthcare, wearables, retail, and smart homes. However, UUIDs today are statically generated and, even worse, an attacker can easily reverse engineer them directly from mobile apps in an app store such as Google Play. An attacker can therefore first harvest all UUIDs from the app store and then fingerprint every BLE device in their physical vicinity. This is a serious security and privacy breach, and the vulnerability needs to be fixed.
A team of researchers at The Ohio State University led by Dr. Zhiqiang Lin has developed a method for mitigating the BLE vulnerability in an IoT device that protects UUIDs from being harvested and reverse engineered. The method first detects the BLE vulnerability in the device, then prevents UUID fingerprinting of the device. It offers protection on three levels: channel-level, app-level, and dynamic UUID generation. At the channel level, the method prevents advertisement packets from being sniffed over the air. At the app level, it protects UUIDs from being reverse engineered, so that attackers cannot bind UUIDs to specific apps for fingerprinting. Finally, dynamic UUID generation in both the app and the device's firmware makes the UUID difficult to reverse engineer. The method was developed by testing over 5,000 BLE devices and 18,000 apps from Google Play.
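The page does not say how the dynamic UUIDs are derived. As an added illustration (not the researchers' method or code), one possible construction derives a rotating service UUID from a per-device secret with HMAC-SHA256, so that firmware and app compute the same value for each time window; the key, label, rotation period and function names below are all assumptions.

```python
import hashlib
import hmac
import uuid

ROTATION_SECONDS = 900            # assumed rotation period (15 minutes)
LABEL = b"ble-service-uuid-v1"    # assumed domain-separation label

def derive_uuid(device_key: bytes, epoch: int) -> uuid.UUID:
    """Truncate HMAC-SHA256(key, label || epoch) to 128 bits, shaped as a v4 UUID."""
    msg = LABEL + epoch.to_bytes(8, "big")
    mac = hmac.new(device_key, msg, hashlib.sha256).digest()
    return uuid.UUID(bytes=mac[:16], version=4)

def advertised_uuid(device_key: bytes, now: float) -> uuid.UUID:
    """Firmware side: the UUID to place in advertisements for the current window."""
    return derive_uuid(device_key, int(now) // ROTATION_SECONDS)

def acceptable_uuids(device_key: bytes, now: float, skew_epochs: int = 1) -> set:
    """App side: UUIDs valid now, allowing +/- skew_epochs windows of clock drift."""
    epoch = int(now) // ROTATION_SECONDS
    first = max(0, epoch - skew_epochs)
    return {derive_uuid(device_key, e) for e in range(first, epoch + skew_epochs + 1)}

def matches(device_key: bytes, seen: uuid.UUID, now: float, skew_epochs: int = 1) -> bool:
    """True if a scanned UUID belongs to the device that holds device_key."""
    return seen in acceptable_uuids(device_key, now, skew_epochs)

# Constructed sample key. In a real design the key would be provisioned per
# device at pairing time; a key embedded in the app binary could be recovered
# from the app just as a static UUID can.
SAMPLE_KEY = bytes(range(32))

if __name__ == "__main__":
    t = 1_700_000_100  # constructed timestamp, start of a rotation window
    print("window n   :", advertised_uuid(SAMPLE_KEY, t))
    print("window n+1 :", advertised_uuid(SAMPLE_KEY, t + ROTATION_SECONDS))
```

Because the advertised value changes every window and depends on a secret that is not in the app package, a UUID list harvested from an app store no longer identifies the device.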
- Internet of Things (IoT) devices
- Bluetooth Low Energy (BLE) Devices
- Mitigates BLE IoT device vulnerability