Himiko: A human interface for monitoring and inferring knowledge on bluetooth-low-energy objects: demo
Authors: 
Guillaume Celosia and Mathieu CuncheAuthors Info & Claims
Guillaume Celosia and Mathieu CuncheAuthors Info & ClaimsMay 2019
Pages 292 - 293
Abstract
The Bluetooth Low Energy (BLE) protocol is being included in a growing number of connected objects such as smartphones, fitness trackers, headphones and smartwatches. As part of the service discovery mechanism of BLE, devices announce themselves by broadcasting radio signals called advertisement packets that can be collected with off-the-shelf hardware and software. To avoid the risk of tracking based on those messages, BLE features an address randomization mechanism that substitutes the device MAC address with random temporary pseudonyms. However, the payload of the advertisement packet still contains fields that can hamper the randomization mechanism by exposing counters and static identifiers. In addition to defeating the randomization mechanism, some of these fields can leak sensitive attributes of the owner such as his medical condition.
As a consequence, we implemented Himiko to raise awareness about the privacy issues that the BLE advertising mechanism can involve. This tool aims to show the information that a passive eavesdropper can infer by leveraging the contents of BLE advertisement packets. The advertising raw data are collected and processed from devices that have their Bluetooth interface enabled. The user is then shown the information that are leaking from his device.
References
[1]
Bluetooth SIG. 2018. Bluetooth Market Update 2018. Technical Report. https://www.bluetooth.com/markets/market-report
[2]
Guillaume Celosia and Mathieu Cunche. 2019. Saving Private Addresses: An Analysis of Privacy Issues in the Bluetooth-Low-Energy Advertising Mechanism. Under evaluation.
[3]
Aveek K Das, Parth H Pathak, Chen-Nee Chuah, and Prasant Mohapatra. 2016. Uncovering privacy leakage in ble network traffic of wearable fitness trackers. In Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications. ACM.
[4]
Kassem Fawaz, Kyu-Han Kim, and Kang G Shin. 2016. Protecting Privacy of BLE Device Users. In USENIX Security Symposium.
[5]
Dieter Oosterlinck, Dries F Benoit, Philippe Baecke, and Nico Van de Weghe. 2017. Bluetooth tracking of humans in an indoor environment: An application to shopping mall visits.
[6]
Bluetooth SIG. 2019. Bluetooth Core Specification v5.1. https://www.bluetooth.com/specifications/bluetooth-core-specification
[7]
Mathy Vanhoef, Celestin Matte, Mathieu Cunche, Leonardo S. Cardoso, and Frank Piessens. 2016. Why MAC Address Randomization is Not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms. In Proceedings of the 11th ACMon Asia Conference on Computer and Communications Security (ASIA CCS '16). ACM.
[8]
Ford-Long Wong and Frank Stajano. 2005. Location privacy in bluetooth. In Security and privacy in ad-hoc and sensor networks.
Index Terms
- Himiko: A human interface for monitoring and inferring knowledge on bluetooth-low-energy objects: demo
Recommendations
Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile
IoT S&P'19: Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-ThingsBluetooth Low Energy (BLE) is a short range wireless technology included in many consumer devices such as smartphones, earphones and wristbands. As part of the Attribute (ATT) protocol, discoverable BLE devices expose a data structure called Generic ...
Saving private addresses: an analysis of privacy issues in the bluetooth-low-energy advertising mechanism
MobiQuitous '19: Proceedings of the 16th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and ServicesThe Bluetooth Low Energy (BLE) protocol is being included in a growing number of connected objects such as fitness trackers and headphones. As part of the service discovery mechanism of BLE, devices announce themselves by broadcasting radio signals ...
Venom: a visual and experimental bluetooth low energy tracking system
WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile NetworksThe Bluetooth Low Energy (BLE) protocol is being included in mobile devices such as smartphones, headphones and smartwatches. As part of the BLE service discovery mechanism, devices announce their presences by broadcasting radio signals called ...
Comments
Information & Contributors
Information
Published In
May 2019
359 pages
ISBN:9781450367264
DOI:10.1145/3317549
Copyright © 2019 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 15 May 2019
Check for updates
Author Tags
Qualifiers
- Demonstration
Conference
WiSec '19
Sponsor:
WiSec '19: 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks
May 15 - 17, 2019
Florida, Miami
Acceptance Rates
Overall Acceptance Rate 98 of 338 submissions, 29%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 97Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in