
    Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices

    Bluetooth is among the dominant standards for wireless short-range communication, with multi-billion Bluetooth devices shipped each year. Basic Bluetooth analysis inside consumer hardware such as smartphones can be accomplished by observing the Host Controller Interface (HCI) between the operating system's driver and the Bluetooth chip. However, the HCI does not provide insights into tasks running inside a Bluetooth chip or Link Layer (LL) packets exchanged over the air. As of today, consumer hardware internal behavior can only be observed with external, and often expensive, tools that need to be present during initial device pairing. In this paper, we leverage standard smartphones for on-device Bluetooth analysis and reverse engineer a diagnostic protocol that resides inside Broadcom chips. Diagnostic features include sniffing lower layers such as LL for Classic Bluetooth and Bluetooth Low Energy (BLE), transmission and reception statistics, test mode, and memory peek and poke.

    Security and Privacy for IoT Ecosystems

    Smart devices have become an integral part of our everyday life. In contrast to smartphones and laptops, Internet of Things (IoT) devices are typically managed by the vendor. They allow little or no user-driven customization. Users need to use and trust IoT devices as they are, including the ecosystems involved in the processing and sharing of personal data. Ensuring that an IoT device does not leak private data is imperative. This thesis analyzes security practices in popular IoT ecosystems across several price segments. Our results show a gap between real-world implementations and state-of-the-art security measures. The process of responsible disclosure with the vendors revealed further practical challenges. Do they want to support backward compatibility with the same app and infrastructure over multiple IoT device generations? To which extent can they trust their supply chains in rolling out keys? Mature vendors have a budget for security and are aware of its demands. Despite this goodwill, developers sometimes fail at securing the concrete implementations in those complex ecosystems. Our analysis of real-world products reveals the actual efforts made by vendors to secure their products. Our responsible disclosure processes and publications of design recommendations not only increase security in existing products but also help connected ecosystem manufacturers to develop secure products. Moreover, we enable users to take control of their connected devices with firmware binary patching. If a vendor decides to no longer offer cloud services, bootstrapping a vendor-independent ecosystem is the only way to revive bricked devices. Binary patching is not only useful in the IoT context but also opens up these devices as research platforms. We are the first to publish tools for Bluetooth firmware and lower-layer analysis and uncover a security issue in Broadcom chips affecting hundreds of millions of devices manufactured by Apple, Samsung, Google, and more. 
Although we informed Broadcom and customers of their technologies of the weaknesses identified, some of these devices no longer receive official updates. For these, our binary patching framework is capable of building vendor-independent patches and retrofitting security. Connected device vendors depend on standards; they rarely implement lower-layer communication schemes from scratch. Standards enable communication between devices of different vendors, which is crucial in many IoT setups. Secure standards help make products secure by design and, thus, need to be analyzed as early as possible. One possibility to integrate security into a lower-layer standard is Physical-Layer Security (PLS). PLS establishes security on the Physical Layer (PHY) of wireless transmissions. With new wireless technologies emerging, physical properties change. We analyze how suitable PLS techniques are in the domain of mmWave and Visible Light Communication (VLC). Despite VLC being commonly believed to be very secure due to its limited range, we show that using VLC for PLS is less secure than using PLS with Radio Frequency (RF) communication. The work in this thesis is applied to mature products as well as upcoming standards. We consider security for the whole product life cycle to make connected devices and IoT ecosystems more secure in the long term.

    DEMO: Attaching InternalBlue to the Proprietary macOS IOBluetooth Framework

    In this demo, we provide an overview of the macOS Bluetooth stack internals and gain access to undocumented low-level interfaces. We leverage this knowledge to add macOS support to the InternalBlue firmware modification and wireless experimentation framework.
    Comment: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

    Firmware Insider: Bluetooth Randomness is Mostly Random

    Bluetooth chips must include a Random Number Generator (RNG). This RNG is used internally within cryptographic primitives but is also exposed to the operating system for chip-external applications. In general, it is a black box on which security-critical authentication and encryption mechanisms depend. In this paper, we evaluate the quality of RNGs in various Broadcom and Cypress Bluetooth chips. We find that the RNG implementation changed significantly over the last decade. Moreover, most devices implement an insecure Pseudo-Random Number Generator (PRNG) fallback. Multiple popular devices, such as the Samsung Galaxy S8 and its variants as well as an iPhone, rely on the weak fallback because they lack a Hardware Random Number Generator (HRNG). We statistically evaluate the output of various HRNGs in chips used by hundreds of millions of devices. While the Broadcom and Cypress HRNGs pass advanced tests, users cannot tell whether a Bluetooth chip implements a secure RNG without an extensive analysis such as the one in this paper. We describe our measurement methods and publish our tools to enable further public testing.
    Comment: WOOT'2

    Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets

    Wireless communication standards and implementations have a troubled history regarding security. Since most implementations and firmwares are closed-source, fuzzing remains one of the main methods to uncover Remote Code Execution (RCE) vulnerabilities in deployed systems. Generic over-the-air fuzzing suffers from several shortcomings, such as constrained speed, limited repeatability, and restricted ability to debug. In this paper, we present Frankenstein, a fuzzing framework based on advanced firmware emulation, which addresses these shortcomings. Frankenstein brings firmware dumps "back to life" and provides fuzzed input to the chip's virtual modem. The speed-up of our new fuzzing method is sufficient to maintain interoperability with the attached operating system, hence triggering realistic full-stack behavior. We demonstrate the potential of Frankenstein by finding three zero-click vulnerabilities in the Broadcom and Cypress Bluetooth stack, which is used in most Apple devices, many Samsung smartphones, the Raspberry Pis, and many others. Given RCE on a Bluetooth chip, attackers may escalate their privileges beyond the chip's boundary. We uncover a Wi-Fi/Bluetooth coexistence issue that crashes multiple operating system kernels and a design flaw in the Bluetooth 5.2 specification that allows link key extraction from the host. Turning off Bluetooth will not fully disable the chip, making it hard to defend against RCE attacks. Moreover, when testing our chip-based vulnerabilities on those devices, we find BlueFrag, a chip-independent Android RCE.
    Comment: To be published at USENIX Security

    Anatomy of a Vulnerable Fitness Tracking System: Dissecting the Fitbit Cloud, App, and Firmware

    Funding: This work has been co-funded by the DFG as part of projects S1 within the CRC 1119 CROSSING and C.1 within the RTG 2050 "Privacy and Trust for Mobile Users", and by the BMBF within CRISP. Paul Patras has been partially supported by the Scottish Informatics and Computer Science Alliance (SICSA) through a PECE grant.
    Fitbit fitness trackers record sensitive personal information, including daily step counts, heart rate profiles, and locations visited. By design, these devices gather and upload activity data to a cloud service, which provides aggregate statistics to mobile app users. The same principles govern numerous other Internet-of-Things (IoT) services that target different applications. As a market leader, Fitbit has developed perhaps the most secure wearables architecture, which guards communication with end-to-end encryption. In this paper, we analyze the complete Fitbit ecosystem and, despite the brand's continuous efforts to harden its products, we demonstrate a series of vulnerabilities with potentially severe implications for user privacy and device security. We employ a repertoire of techniques encompassing protocol analysis, software decompiling, and both static and dynamic embedded code analysis to reverse engineer previously undocumented communication semantics, the official smartphone app, and the tracker firmware. Through this interplay and in-depth analysis, we reveal how attackers can exploit the Fitbit protocol to extract private information from victims without leaving a trace, and wirelessly flash malware without user consent. We demonstrate that users can tamper with both the app and firmware to selfishly manipulate records or circumvent Fitbit's walled garden business model, making the case for an independent, user-controlled, and more secure ecosystem.
Finally, based on the insights gained, we make specific design recommendations that not only can mitigate the identified vulnerabilities, but are also broadly applicable to securing future wearable system architectures.
    Postprint. Peer reviewed.

    Lost and Found: Stopping Bluetooth Finders from Leaking Private Information

    A Bluetooth finder is a small battery-powered device that can be attached to important items such as bags, keychains, or bikes. The finder maintains a Bluetooth connection with the user's phone, and the user is notified immediately on connection loss. We provide the first comprehensive security and privacy analysis of current commercial Bluetooth finders. Our analysis reveals several significant security vulnerabilities in those products concerning mobile applications and the corresponding backend services in the cloud. We also show that all analyzed cloud-based products leak more private data than required for their respective cloud services. Overall, there is a big market for Bluetooth finders, but none of the existing products is privacy-friendly. We close this gap by designing and implementing PrivateFind, which ensures that the user's locations are never leaked to third parties. It is designed to run on hardware similar to that of existing finders, allowing vendors to update their systems using PrivateFind.
    Comment: WiSec '2

    Thermal Effects of Deep Soil Stabilization with Lime Columns

    The subject of this thesis is the investigation of the thermal effects that occur during the production of quicklime-soil columns and their influence on water and water vapour transport in the soil. The heating is primarily due to a chemical reaction in which the calcium oxide mixed into the soil reacts with soil water to form calcium hydroxide, releasing heat energy. To this end, the thermal properties of fine-grained soils and how they are affected by producing the binder-soil mixture in situ were first investigated. Furthermore, investigations were carried out into the time course of the chemical reaction and the amount of reaction heat released. With the aim of capturing the changes in the temperature field that accompany column production, the thermal initial and boundary conditions of the soil and the soil surface were then investigated and defined. Subsequently, the time-dependent changes in the temperature field were simulated numerically on the basis of heat transfer by conduction using the finite element program Ansys® 6.1. The finite element model was verified by recalculating field tests. Within the finite element calculations, the heating of the binder-soil mixture and the adjacent soil caused by the hydration of the quicklime was simulated and checked with regard to the relevant influencing variables. The influence of production-related factors such as binder concentration, column diameter and column arrangement, as well as the influence of natural factors such as dry density and degree of saturation of the soil, was investigated. The time-dependent temperature gradients occurring in the soil, determined using the finite element method, form the basis for the investigation of the thermally induced water transport processes in the stabilization column and its surroundings.
For this purpose, the energetic state of the soil water as altered by the change in the temperature field was analysed. Non-thermal effects resulting from column production, such as the local change in saturation caused by the "compaction effect" (Stopfeffekt) and the alteration of the osmotic potential, including the resulting water movements, were also taken into account. All thermally induced water and vapour fluxes cause pore water to flow out of the stabilized soil body into the surrounding soil. From a construction-practice point of view, however, the water transport processes caused by thermal influences remain insignificant because of their small magnitude. In final temperature-field calculations, the thermal soil parameters were adapted to the time-varying water saturation of the soil. Using the temperature curves obtained, it was shown that the influence of the change in saturation on the calculation results is very small, so that the precondition for the preceding decoupled treatment of heat and mass flow is fulfilled. On the basis of these results, the influence of heating on the evaporation of soil water, which is cited several times in the literature and also associated with deep soil stabilization, must be viewed critically and called into question. This would require the transport of water to the soil surface. As the calculation results have shown, no appreciable water movements based on temperature effects are to be expected. Further investigations into the strength development of quicklime-soil columns and its prediction should therefore concentrate on the mechanical effects and on the mineralogical-chemical processes, such as the pozzolanic reactions, and the possibilities of predicting them.
The calculations have shown that the temperature development in the stabilization column is determined essentially by the binder concentration, and its cooling behaviour primarily by its geometric dimensions. These relationships are largely independent of the soil parameters of the soils that come into consideration for stabilization. Temperature measurements therefore constitute a suitable means of quality assurance in the production of quicklime-soil columns, with which inhomogeneities in the binder distribution or disturbances in the hydration process (slaking of the quicklime) can be detected. Corresponding aids were given.
    Deep stabilization of soil with lime columns causes thermal effects. This is mainly due to the reaction of the unslaked lime with the water in the soil. In this thesis the influence of the thermal effects on the movement of soil water was investigated. In a first step the thermal properties of the stabilized soil in the column and the surrounding soil were analysed. In order to calculate the alteration process of the temperature fields, the heat generation coupled to the chemical reaction and the thermal boundary conditions, such as the distribution of temperature in natural soils, were defined. On this basis the transient change of the temperature field around the lime columns was computed using the finite element method. The numerical analysis was done with the finite element code ANSYS® 6.1. Due to the high saturation of the stabilized and the surrounding soils, only heat transfer by thermal conduction was regarded in the first calculation step. For the present, the coupled transport of heat and moisture was neglected, as was the influence of moisture movement on the thermal properties. The model was verified by simulating a large-scale field experiment of the Swedish Geotechnical Institute for which temperature measurements were reported.
Very good correlations were achieved between experimental and numerical results. In the next step the influences of the soil parameters, the geometry of the lime columns as well as their arrangement, and the lime concentration on the numerical results were investigated. The computed transient temperature fields and the derived thermal gradients formed the basis for the analysis of temperature-dependent moisture movement in the lime columns and in the surrounding soil. Water and water vapour move due to potential gradients from high to low potential. Therefore, the change of the soil water potential caused by thermal effects was regarded. Also, non-thermal effects such as the change of saturation due to soil compaction and the alteration of the osmotic potential due to dissolution processes were taken into consideration. The calculation results indicated a flow of liquid water and water vapour from the centre of the lime columns towards the surrounding soil. The results also showed that the amount of moisture moved by thermal effects is low and does not contribute to the hardening of the lime columns. In a closing calculation step the change of saturation due to thermal and non-thermal effects was taken into account by adapting the thermal soil parameters to the time-dependent distribution of the soil water. It was shown that the altered saturation has negligible effect on the calculated temperature fields. Therefore, the assumptions made in the first calculation step, concerning the mechanism of heat transfer, were proven true. Based on these results, the often-cited influence of the heat released when unslaked lime reacts with the water in soil has to be called into question, at least in the case of the deep stabilization of soils with lime columns. That would require, for example, the transport of moisture to the soil surface, which according to the results of the calculations is not given. 
Further investigations into the hardening of lime columns and the prediction of this process should concentrate on mechanical and mineralogical effects such as soil compaction and the pozzolanic reactions. Temperature measurements may serve as a good tool for quality assurance, because the development of heat depends strongly on the lime concentration, while the influence of the soil parameters of the stabilized clayey soils on the change of temperature is very small. Appropriate data were given in this thesis.

    Breaking Fitness Records without Moving: Reverse Engineering and Spoofing Fitbit

    Tens of millions of wearable fitness trackers are shipped yearly to consumers who routinely collect information about their exercising patterns. Smartphones push this health-related data to vendors' cloud platforms, enabling users to analyze summary statistics on-line and adjust their habits. Third parties including health insurance providers now offer discounts and financial rewards in exchange for such private information and evidence of healthy lifestyles. Given the associated monetary value, the authenticity and correctness of the activity data collected becomes imperative. In this paper, we provide an in-depth security analysis of the operation of fitness trackers commercialized by Fitbit, the wearables market leader. We reveal an intricate security-through-obscurity approach implemented by the user activity synchronization protocol running on the devices we analyze. Although non-trivial to interpret, we reverse engineer the message semantics, demonstrate how falsified user activity reports can be injected, and argue that, based on our discoveries, such attacks can be performed at scale to obtain financial gains. We further document a hardware attack vector that enables circumvention of the end-to-end protocol encryption present in the latest Fitbit firmware, leading to the spoofing of valid encrypted fitness data. Finally, we give guidelines for avoiding similar vulnerabilities in future system designs.

    Reputation Systems for Trust Management in the Web PKI
