Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices

Classen, Jiska and Hollick, Matthias (2019):
Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices.
In: 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), Miami, FL, USA, May 15, 2019 - May 17, 2019, DOI: https://doi.org/10.1145/3317549.3319727, [Conference or Workshop Item]

Abstract

Bluetooth is among the dominant standards for wireless short-range communication with multi-billion Bluetooth devices shipped each year. Basic Bluetooth analysis inside consumer hardware such as smartphones can be accomplished observing the Host Controller Interface (HCI) between the operating system’s driver and the Bluetooth chip. However, the HCI does not provide insights to tasks running inside a Bluetooth chip or Link Layer (LL) packets exchanged over the air. As of today, consumer hardware internal behavior can only be observed with external, and often expensive tools, that need to be present during initial device pairing. In this paper, we leverage standard smartphones for on-device Bluetooth analysis and reverse engineer a diagnostic protocol that resides inside Broadcom chips. Diagnostic features include sniffing lower layers such as LL for Classic Bluetooth and Bluetooth Low Energy (BLE), transmission and reception statistics, test mode, and memory peek and poke.

Item Type: Conference or Workshop Item
Published: 2019
Creators: Classen, Jiska and Hollick, Matthias
Title: Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices
Language: English
Uncontrolled Keywords: Solutions; S1
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Sichere Mobile Netze
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet > C: Communication Mechanisms
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet > C: Communication Mechanisms > Subproject C1: Network-centred perspective
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Event Title: 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19)
Event Location: Miami, FL, USA
Event Dates: May 15, 2019 - May 17, 2019
Date Deposited: 08 May 2019 08:11
DOI: https://doi.org/10.1145/3317549.3319727