PeriScope: Comprehensive Vulnerability Analysis of Mobile App-defined Bluetooth Peripherals

Many IoT devices today talk to each other via Bluetooth Low Energy (BLE), a wireless communication technology often used to exchange data between a paired central and peripheral. These peripheral devices include not only firmware-defined bare-metal peripherals but also mobile application defined peripherals where a mobile app turns a smartphone into a peripheral instead of their usual central role. However, this role reversal increases the attack surface and brings vulnerabilities in bare-metal Bluetooth peripherals to mobile apps where relevant security and privacy have not been well studied. To fill this knowledge gap, this paper presents PeriScope, an automated tool to unveil the security and privacy vulnerabilities at the link layer of app-defined Bluetooth peripherals in the procedures of broadcasting, pairing, and communication by systematically analyzing their companion mobile apps. PeriScope has analyzed 1,160 Bluetooth peripheral apps from Google Play and identified 69.13% of them that broadcast device or personal identifiable information in cleartext, and, in addition, there are 95% pieces of data managed by these apps (e.g., personal health data and digital keys to unlock doors) to exchange with connected devices can be accessed without authentication. Finally, a set of guidelines for secure app-defined Bluetooth peripherals development is also provided.