Identifying Bluetooth Security Risks Through Firmware Reverse-Engineering
Date
2023-05
Publisher
The Ohio State University
Abstract
The Bluetooth Low Energy protocol (BLE) is an extremely popular wireless communication protocol used in many "smart" devices and accessories, such as smartphones, home automation devices, wireless speakers, wearable devices, and generic sensors. Data transmitted between BLE devices may be sensitive depending on the application. As such, the Bluetooth Special Interest Group (SIG), which oversees the development of the official BLE standards, provides guidelines for the proper configuration of BLE attributes (which describe data items and their associated access permissions) to prevent misuse and attacks. However, the firmware on a Bluetooth device is not guaranteed to configure attributes in accordance with SIG guidelines, and it may pose security risks as a result. To check for such discrepancies, firmware images can be reverse-engineered with FirmXRay, an open-source tool created by OSU SecLab specifically for reverse-engineering BLE firmware. However, stock FirmXRay does not inspect local variables and therefore cannot recover many of the parameters involved in BLE configuration, a number of which are held in locals rather than in registers. This research proposes several improvements to FirmXRay that extend its analysis to a wider range of parameters, including stack emulation through a virtualized stack pointer and simulated library calls. Other improvements, such as execution-path pruning, are also proposed. Finally, the remaining limitations of the improved software are discussed along with potential solutions that may be implemented in future work.
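The following is an added illustration of the two techniques named in the abstract (a virtualized stack pointer and a simulated library call) and of why an analysis that ignores local variables loses the configuration parameter. It is not FirmXRay code and not the thesis author's implementation: the ARM-like instruction stream, the routine name `ble_gatts_characteristic_add`, the permission flag values, the UUID and the stack base address are all constructed assumptions, and the policy in `check_policy` is an example rule rather than the SIG guideline text.

```python
"""Toy forward emulation of a BLE characteristic registration.

Added example, not FirmXRay code. The instruction stream, the library
name ble_gatts_characteristic_add, the permission flag values and the
stack base address are all constructed assumptions for illustration.
"""
from dataclasses import dataclass, field

STACK_BASE = 0x20004000          # assumed virtual stack pointer at function entry

# Hypothetical permission word stored in the attribute metadata struct.
PERM_READ_OPEN = 0x01
PERM_WRITE_OPEN = 0x02           # write allowed on an unencrypted link
PERM_WRITE_ENC = 0x04            # write requires an encrypted link
PERM_WRITE_AUTH = 0x08           # write requires an authenticated (MITM) link


def build_program(perms):
    """Constructed ARM-like instruction stream: the firmware stores a
    permission word into a local struct on the stack, passes a pointer
    to that struct in r1, and calls the registration routine."""
    return [
        ("SUB", "sp", 16),                  # reserve stack frame for locals
        ("MOV", "r0", 0xFF01),              # characteristic UUID (constructed)
        ("MOV", "r2", perms),               # permission word
        ("STR", "r2", "sp", 4),             # local_struct.perms = r2  ([sp+4])
        ("ADD", "r1", "sp", 4),             # r1 = &local_struct
        ("BL", "ble_gatts_characteristic_add"),
    ]


WEAK_PROGRAM = build_program(PERM_READ_OPEN | PERM_WRITE_OPEN)
HARDENED_PROGRAM = build_program(PERM_READ_OPEN | PERM_WRITE_ENC)


@dataclass
class State:
    regs: dict = field(default_factory=dict)   # register -> int or None (unknown)
    mem: dict = field(default_factory=dict)    # address -> int or None
    registered: list = field(default_factory=list)


def sim_characteristic_add(st):
    """Simulated library call: records (uuid, perms) read from r0 and [r1]
    instead of executing the real routine, then returns 0 in r0."""
    ptr = st.regs.get("r1")
    perms = st.mem.get(ptr) if ptr is not None else None
    st.registered.append({"uuid": st.regs.get("r0"), "perms": perms})
    st.regs["r0"] = 0


LIBRARY = {"ble_gatts_characteristic_add": sim_characteristic_add}


def emulate(program, track_stack=True):
    """Forward-emulate the stream. With track_stack=False the stack pointer is
    unknown, so stores to locals are lost and the parameter is not recovered,
    mirroring an analysis that ignores local variables."""
    st = State()
    st.regs["sp"] = STACK_BASE if track_stack else None
    for ins in program:
        op = ins[0]
        if op == "MOV":
            st.regs[ins[1]] = ins[2]
        elif op == "SUB":
            cur = st.regs.get(ins[1])
            st.regs[ins[1]] = None if cur is None else cur - ins[2]
        elif op == "ADD":
            base = st.regs.get(ins[2])
            st.regs[ins[1]] = None if base is None else base + ins[3]
        elif op == "STR":
            base = st.regs.get(ins[2])
            if base is not None:              # unknown base: store cannot be placed
                st.mem[base + ins[3]] = st.regs.get(ins[1])
        elif op == "LDR":
            base = st.regs.get(ins[2])
            st.regs[ins[1]] = None if base is None else st.mem.get(base + ins[3])
        elif op == "BL":
            LIBRARY[ins[1]](st)
        else:
            raise ValueError(f"unsupported instruction {op}")
    return st.registered


def check_policy(registered):
    """Example policy (an illustration, not the SIG guideline text): a writable
    characteristic must require an encrypted or authenticated link. Unrecovered
    permission words are reported separately so they are not silently passed."""
    findings = []
    for c in registered:
        p = c["perms"]
        if p is None:
            findings.append((c["uuid"], "permission word not recovered"))
        elif p & PERM_WRITE_OPEN and not p & (PERM_WRITE_ENC | PERM_WRITE_AUTH):
            findings.append((c["uuid"], "write permitted on unencrypted link"))
    return findings
```

Running `check_policy(emulate(WEAK_PROGRAM))` flags the open write, while the same stream with `track_stack=False` only reports that the permission word could not be recovered: the value never reaches the simulated call because the store to `[sp+4]` has no resolvable address. Reporting "not recovered" as its own finding, rather than treating it as safe, is the practical point when an analysis knows it is blind to part of the configuration.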
Keywords
reverse engineering, static analysis, bluetooth, internet of things, firmware