Identifying Bluetooth Security Risks Through Firmware Reverse-Engineering


Date

2023-05

Publisher

The Ohio State University

Abstract

Bluetooth Low Energy (BLE) is a widely used wireless protocol found in smartphones, home-automation devices, wireless speakers, wearables, and generic sensors. Depending on the application, the data exchanged between BLE devices may be sensitive. The Bluetooth Special Interest Group (SIG), which maintains the official Bluetooth specifications, therefore publishes guidance on configuring BLE attributes (the records that describe a device's data and the permissions required to access it) so that they cannot be misused or attacked. Nothing guarantees, however, that the firmware on a given device configures its attributes according to that guidance, and a device whose firmware does not can pose a security risk. Such discrepancies can be found by reverse-engineering firmware images with FirmXRay, an open-source tool created by OSU SecLab specifically for static analysis of BLE firmware. Stock FirmXRay, however, does not inspect local variables, so it cannot recover the many BLE configuration parameters that firmware holds in stack-allocated locals. This thesis proposes several improvements to FirmXRay that extend its analysis to a wider range of parameters: stack emulation through a virtualized stack pointer, and simulation of library calls. Further improvements, including execution-path pruning, are also proposed. Finally, the remaining limitations of the improved tool are discussed together with potential solutions for future work.
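
The following is an added illustration, written for this page and not taken from FirmXRay or from the thesis, of the problem the abstract describes: when firmware builds an attribute-metadata struct in a stack frame and passes a pointer to it into an SDK call, an analyzer that ignores stack stores sees only an unresolved pointer, while one that keeps a virtualized stack pointer and a map of the frame can read back the permission fields and audit them. The pseudo-assembly, the struct layout (uuid, read_perm, write_perm at word offsets 0, 4, 8), the security-level encoding, the vendor UUIDs 0xFF01/0xFF02 and the SDK function name `ble_gatts_add_char` are all constructed assumptions; real SDKs and real analyzers differ in detail.

```python
"""Added example (not FirmXRay's or the thesis's code): recovering BLE attribute
permissions passed on the stack by emulating a virtualized stack pointer and a
simulated library call, then auditing the recovered permissions.

Everything below (instruction format, struct layout, SDK function name,
UUIDs) is constructed for illustration."""

# LE security levels from the Bluetooth Core spec (Security Mode 1).
# Encoded here as (mode << 4) | level, an encoding assumed for this example.
SEC_OPEN = 0x11   # level 1: no security
SEC_ENC = 0x12    # level 2: unauthenticated pairing, encrypted link
SEC_AUTH = 0x13   # level 3: authenticated pairing, encrypted link
SEC_LESC = 0x14   # level 4: authenticated LE Secure Connections

# Assumed stack-frame layout of the attribute metadata struct (byte offsets).
OFF_UUID, OFF_READ, OFF_WRITE = 0, 4, 8
FRAME = 12

# Hypothetical SDK entry point: r0 = service handle, r1 = pointer to metadata.
SDK_ADD_CHAR = "ble_gatts_add_char"


def char_frame(uuid, read_perm, write_perm, service=0x10):
    """Thumb-style sequence a compiler might emit for
       meta = {uuid, read_perm, write_perm}; ble_gatts_add_char(service, &meta);
    expressed as constructed (op, ...) tuples."""
    return [
        ("sub_sp", FRAME),
        ("mov", "r0", uuid),        ("str_sp", "r0", OFF_UUID),
        ("mov", "r0", read_perm),   ("str_sp", "r0", OFF_READ),
        ("mov", "r0", write_perm),  ("str_sp", "r0", OFF_WRITE),
        ("add_sp", "r1", 0),        # r1 = &meta, a pointer into the frame
        ("mov", "r0", service),
        ("call", SDK_ADD_CHAR),
        ("add_sp_imm", FRAME),      # release the frame
    ]


def emulate(program, track_stack):
    """Walk the program and record register/stack state at every call site.
    track_stack=False ignores SP and stack stores (the stock-FirmXRay-like
    blind spot); track_stack=True keeps a virtualized SP and a word map."""
    regs, mem, calls = {}, {}, []
    sp = 0x2000_0000   # assumed initial SP; only relative offsets matter
    for ins in program:
        op = ins[0]
        if op == "sub_sp":
            sp -= ins[1]
        elif op == "add_sp_imm":
            sp += ins[1]
        elif op == "mov":
            regs[ins[1]] = ins[2]
        elif op == "str_sp" and track_stack:
            mem[sp + ins[2]] = regs.get(ins[1])
        elif op == "add_sp":
            regs[ins[1]] = sp + ins[2] if track_stack else None
        elif op == "call":
            calls.append((ins[1], dict(regs), dict(mem)))
            # Simulated library call (AAPCS): r0 carries the return value and
            # r1-r3 are caller-saved, so drop them instead of descending into
            # SDK/ROM code that is not in the firmware image.
            regs = {"r0": 0}
    return calls


def recover_chars(program, track_stack):
    """Resolve the metadata struct behind r1 at each SDK call site."""
    out = []
    for fn, regs, mem in emulate(program, track_stack):
        if fn != SDK_ADD_CHAR:
            continue
        ptr = regs.get("r1")

        def field(off):
            return mem.get(ptr + off) if ptr is not None else None

        out.append({"uuid": field(OFF_UUID),
                    "read": field(OFF_READ),
                    "write": field(OFF_WRITE)})
    return out


def audit(char):
    """Flag permissions a practitioner would question for sensitive data:
    unresolved or open (level 1) write permission, and open read permission."""
    findings = []
    if char["write"] is None:
        findings.append("write_perm unknown: analyzer could not resolve stack argument")
    elif char["write"] & 0xF < 2:
        findings.append("write_perm is open (mode 1 level 1): unencrypted, unauthenticated writes")
    if char["read"] is not None and char["read"] & 0xF < 2:
        findings.append("read_perm is open (mode 1 level 1): unencrypted reads")
    return findings


# Constructed firmware fragment: one weakly configured characteristic followed
# by one that requires authenticated LE Secure Connections for writes.
PROGRAM = (char_frame(0xFF01, SEC_OPEN, SEC_OPEN)
           + char_frame(0xFF02, SEC_AUTH, SEC_LESC))

if __name__ == "__main__":
    for track in (False, True):
        print("stack tracking:", track)
        for c in recover_chars(PROGRAM, track):
            print("  ", c, audit(c))
```

Run without stack tracking, both call sites yield an unresolved pointer and the audit can only report that the write permission is unknown; with the virtualized stack pointer, the first characteristic is reported as open for reads and writes and the second passes. The reset of r1-r3 at each simulated call is what keeps a stale pointer from one frame leaking into the next.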

Keywords

reverse engineering, static analysis, bluetooth, internet of things, firmware
