P. Sivakumaran, Chaoshun Zuo, Zhiqiang Lin, Jorge Blasco
Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, published 2023-07-10. DOI: 10.1145/3579856.3595806 (https://doi.org/10.1145/3579856.3595806)
Uncovering Vulnerabilities of Bluetooth Low Energy IoT from Companion Mobile Apps with Ble-Guuide
Increasingly, with embedded intelligence and control, IoT devices are being adopted faster than ever. However, the IoT landscape and its security implications are not yet fully understood. This paper seeks to shed light on this by focusing on a particular type of IoT devices, namely the ones using Bluetooth Low Energy (BLE). Our contributions are two-fold: First, we present Ble-Guuide, a framework for performing mobile app-centric security issue identification. We exploit Universally Unique Identifiers (UUIDs), which underpin data transmissions in BLE, to glean rich information regarding device functionality and the underlying security issues. We combine this with information from app descriptions and BLE libraries, to identify the corresponding security vulnerabilities in BLE devices and determine the security or privacy impact they could have depending on the device functionality. Second, we present a large-scale analysis of 17,243 free, BLE-enabled Android APKs, systematically crawled from the official Google Play store. By applying Ble-Guuide to this dataset, we uncover that more than 70% of these APKs contain at least one security vulnerability. We also obtain insights into the identified security vulnerabilities and their impact.