InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections - Archive ouverte HAL Access content directly
Conference Papers Year : 2021

InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections

(1, 2) , (2) , (2) , (2) , (2) , (1)
1
2

Abstract

Bluetooth Low Energy (BLE) is nowadays one of the most popular wireless communication protocols for Internet of Things (IoT) devices. As a result, several attacks have targeted this protocol or its implementations in recent years, illustrating the growing interest for this technology. However, some major challenges remain from an offensive perspective, such as injecting arbitrary frames, hijacking the Slave role or performing a Man-in-The-Middle in an already established connection. In this paper, we describe a novel attack called InjectaBLE, allowing to inject malicious traffic into an existing connection. This attack is highly critical as the vulnerability exploited is inherent to the BLE specification itself, which means that any BLE connection can be possibly vulnerable, regardless of the BLE devices involved in the connection. We describe the theoretical foundations of the attack, how to implement it in practice, and we explore four critical attack scenarios allowing to maliciously trigger a specific feature of the target device, hijack the Slave and Master role or to perform a Man-in-the-Middle attack. Finally, we discuss the impact of this attack and outline some mitigation measures.
Fichier principal
Vignette du fichier
injectable_final_version.pdf (530.73 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-03193297 , version 1 (08-04-2021)
hal-03193297 , version 2 (12-04-2021)

Identifiers

Cite

Romain Cayre, Florent Galtier, Guillaume Auriol, Vincent Nicomette, Mohamed Kaâniche, et al.. InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021), Jun 2021, Taipei (virtual), Taiwan. ⟨10.1109/DSN48987.2021.00050⟩. ⟨hal-03193297v2⟩
437 View
9 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More