A recent discovery revealed that mobile applications that work with Bluetooth devices share a design flaw that leaves both the apps and the devices open to attack.
According to the academic researcher Zhiqiang Lin from the Ohio State University, the vulnerability lies in the way Bluetooth Low Energy devices, a type of Bluetooth used in modern gadgets, communicate with mobile apps.
Wearable and smart-home devices such as smart speakers, health and fitness trackers or smart home assistants communicate with the apps on mobile devices by broadcasting a UUID (Universally Unique Identifier) that lets the mobile app recognize the Bluetooth device.
The researcher stated that because these UUIDs are embedded in the mobile apps, the devices become vulnerable to a fingerprinting attack.
Presenting his findings recently at the Association for Computing Machinery’s Conference on Computer and Communications Security (ACM CCS 2019), Lin said, “There is a fundamental flaw that leaves these devices vulnerable – first when they are initially paired to a mobile app, and then again when they are operating. And while the magnitude of that vulnerability varies, we found it to be a consistent problem among Bluetooth low energy devices when communicating with mobile apps.”
“At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps. But in some cases, in which no encryption is involved, or encryption is used improperly between mobile apps and devices, the attacker would be able to ‘listen in’ on your conversation and collect that data,” Lin added.
As part of their research, Lin and his team built a “sniffer”, a device that can identify Bluetooth devices from the advertising messages they broadcast. Testing it in the field, the team found more than 5,800 Bluetooth Low Energy devices, of which 5,500 could be “fingerprinted” (identified) by such an attack. The team also identified 1,434 vulnerable mobile apps in Google Play that allowed unauthorized access.
Zhiqiang Lin and his research team reported their findings to the developers of the vulnerable apps and to the Bluetooth Special Interest Group. “It was in the initial app-level authentication, the initial pairing of the phone app with the device, where that vulnerability existed,” Lin concluded. If app developers tightened defenses in that initial authentication, he said, the problem could be resolved.