
InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Mantz, Dennis and Classen, Jiska and Schulz, Matthias and Hollick, Matthias (2019):
InternalBlue - Bluetooth Binary Patching and Experimentation Framework.
In: The 17th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys ’19), Seoul, South Korea, Jun 17, 2019 - Jun 21, 2019, DOI: 10.1145/3307334.3326089, [Conference or Workshop Item]

Abstract

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close-to-hardware protocol layers are mostly uncovered.

We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework, outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform.

InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware.
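The abstract's central primitive is altering reverse-engineered firmware functions in place. The following is an added example, not code from the InternalBlue project or from the paper: it shows that primitive on a firmware image held in memory rather than on a live controller, encoding a Thumb-2 branch that redirects a function to a hook, and refusing to apply the patch unless the bytes at the target address match the expected firmware build. The ARM Thumb-2 target, all addresses, and the sample image are assumptions made for the example; the page itself does not state the controller architecture.

```python
"""Binary-patching primitive: redirect a firmware function to a hook.

Added example; not code from the InternalBlue project or the paper. Assumes an
ARM Thumb-2 target (an assumption, not stated on the page) and a flat firmware
image. All addresses and the sample image below are constructed.
"""
import struct

THUMB_BRANCH_RANGE = 1 << 24  # 32-bit B.W / BL reach +/-16 MiB


def encode_thumb_branch(from_addr: int, to_addr: int, link: bool = False) -> bytes:
    """Encode a 32-bit Thumb-2 B.W (or BL when link=True) placed at from_addr.
    Offset is relative to the Thumb PC (instruction address + 4); returns the
    4 bytes as stored in memory (two little-endian halfwords)."""
    if from_addr & 1 or to_addr & 1:
        raise ValueError("Thumb code and branch targets must be halfword aligned")
    offset = to_addr - (from_addr + 4)
    if not -THUMB_BRANCH_RANGE <= offset < THUMB_BRANCH_RANGE:
        raise ValueError(f"offset {offset:#x} exceeds 32-bit Thumb branch range")
    off = offset & 0x1FFFFFF          # 25-bit two's complement: S:I1:I2:imm10:imm11:0
    s = (off >> 24) & 1
    i1 = (off >> 23) & 1
    i2 = (off >> 22) & 1
    imm10 = (off >> 12) & 0x3FF
    imm11 = (off >> 1) & 0x7FF
    j1 = (~i1 & 1) ^ s                # I1 = NOT(J1 XOR S), so J1 = NOT(I1) XOR S
    j2 = (~i2 & 1) ^ s
    hw1 = 0xF000 | (s << 10) | imm10
    hw2 = (0xD000 if link else 0x9000) | (j1 << 13) | (j2 << 11) | imm11
    return struct.pack("<HH", hw1, hw2)


def decode_thumb_branch(at_addr: int, insn: bytes):
    """Inverse of encode_thumb_branch: returns (target, is_bl) or raises ValueError."""
    hw1, hw2 = struct.unpack("<HH", insn)
    if (hw1 & 0xF800) != 0xF000 or (hw2 & 0x9000) != 0x9000:
        raise ValueError("not a 32-bit Thumb B.W/BL encoding")
    s = (hw1 >> 10) & 1
    imm10 = hw1 & 0x3FF
    j1 = (hw2 >> 13) & 1
    j2 = (hw2 >> 11) & 1
    imm11 = hw2 & 0x7FF
    i1 = (~(j1 ^ s)) & 1
    i2 = (~(j2 ^ s)) & 1
    off = (s << 24) | (i1 << 23) | (i2 << 22) | (imm10 << 12) | (imm11 << 1)
    if s:
        off -= 1 << 25
    return at_addr + 4 + off, bool(hw2 & 0x4000)


def apply_patch(image: bytearray, base: int, addr: int, expected: bytes, new: bytes) -> None:
    """Overwrite bytes at firmware address addr only if the bytes currently there
    equal `expected`; a patch built for one firmware build would otherwise
    silently clobber unrelated code at the same address in another build."""
    if len(expected) != len(new):
        raise ValueError("replacement must be the same length as the bytes it displaces")
    off = addr - base
    if off < 0 or off + len(new) > len(image):
        raise ValueError(f"address {addr:#x} lies outside the image")
    found = bytes(image[off:off + len(expected)])
    if found != expected:
        raise ValueError(f"bytes at {addr:#x} are {found.hex()}, expected {expected.hex()}")
    image[off:off + len(new)] = new


def hook_function(image: bytearray, base: int, func_addr: int, hook_addr: int,
                  expected_prologue: bytes) -> bytes:
    """Replace the first 4 bytes of a function with a B.W to hook_addr and return
    the displaced bytes: the hook must re-execute them (or an equivalent) before
    jumping back to func_addr + 4 if the original function is still to run."""
    branch = encode_thumb_branch(func_addr, hook_addr)
    apply_patch(image, base, func_addr, expected_prologue[:4], branch)
    return expected_prologue[:4]


# Constructed sample image (not a real firmware dump): 256 bytes, a function at
# 0x40 whose prologue is `push {r4, lr}; mov r4, r0`, and free space at 0x80.
IMAGE_BASE = 0x0
FUNC_ADDR = 0x40
HOOK_ADDR = 0x80
FUNC_PROLOGUE = bytes.fromhex("10b50446")  # push {r4, lr}; mov r4, r0


def build_sample_image() -> bytearray:
    image = bytearray(b"\xff" * 0x100)
    image[FUNC_ADDR:FUNC_ADDR + len(FUNC_PROLOGUE)] = FUNC_PROLOGUE
    return image


def demo():
    """Hook the sample function; returns (patched image, displaced prologue bytes)."""
    image = build_sample_image()
    displaced = hook_function(image, IMAGE_BASE, FUNC_ADDR, HOOK_ADDR, FUNC_PROLOGUE)
    return image, displaced
```

Running `demo()` writes `00 f0 1e b8` (B.W to 0x80) over the prologue at 0x40 and hands back the two displaced 16-bit instructions, which are position-independent here and can be replayed verbatim at the start of the hook. Applying the same patch at an address whose bytes do not match the expected prologue raises instead of corrupting the image, which is the check to keep when a patch set is reused across firmware versions.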

Item Type: Conference or Workshop Item
Published: 2019
Creators: Mantz, Dennis and Classen, Jiska and Schulz, Matthias and Hollick, Matthias
Title: InternalBlue - Bluetooth Binary Patching and Experimentation Framework
Language: English
Uncontrolled Keywords: Solutions; S1
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Sichere Mobile Netze
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
DFG-Graduiertenkollegs
DFG-Graduiertenkollegs > Research Training Group 2050 Privacy and Trust for Mobile Users
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet > C: Communication Mechanisms
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet > C: Communication Mechanisms > Subproject C1: Network-centred perspective
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Event Title: The 17th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys ’19)
Event Location: Seoul, South Korea
Event Dates: Jun 17, 2019 - Jun 21, 2019
Date Deposited: 08 May 2019 08:12
DOI: 10.1145/3307334.3326089