Proceedings of the International Conference on Inventive Research in Computing Applications (ICIRCA 2018)
IEEE Xplore Compliant Part Number:CFP18N67-ART; ISBN:978-1-5386-2456-2
Bluetooth Low Energy (BLE) crackdown using IoT
Crackdown of BLE protocol incorporated in IoT
Abhishek R. Chandan
Student – Masters of Engineering – Information Technology (I.T.)
Terna Engineering College
Navi Mumbai, India
abhi.chandan89@gmail.com
Dr. Vaishali D. Khairnar
Head of Department – Information Technology (I.T.)
Terna Engineering College
Navi Mumbai, India
khairnar.vaishali3@gmail.com
Abstract — Internet of Things (IoT) is purely about
connecting or linking the devices over the internet. It is
internetworking of physical devices which will detect, collect,
process and exchange data. As it needs to get connected over the
internet, these things (devices) have an IP address associated to
them. The devices use some kind of identifiers to communicate
with other different devices. The goal of Internet of things is to
establish a communication using any networking technology
between any types of physical devices at any place. Its final aim is
to connect to the internet. The IoT framework aspires to connect
anyone with anything anywhere. With great advancement of IoT
and its increasing implementation in today’s world it becomes
very important to secure the network to maintain the
confidentiality, integrity and authenticity of the IoT network.
There are various protocols which are used to make up an IoT
device or an IoT network. These protocols are different from
standard networking protocols. Bluetooth is one of the protocols
which are used in some of the IoT devices to communicate with
the other devices. Some of the IoT devices use Bluetooth Low
Energy (BLE) protocol to communicate with the other device.
This paper presents real-time hacking of Smart Bulb which uses
BLE (Bluetooth Low Energy) protocol. The real time penetration
testing of an IoT device was performed which uses Bluetooth Low
Energy (BLE) protocol to communicate with the other devices.
Keywords — BLE protocol; Penetration of BLE protocol in IoT
devices
I. INTRODUCTION TO IOT
Internet of Things (IoT) is the term formulated which
enables full access control and interaction between the physical
devices, using Internet, from any distant location on earth [1].
IoT is a computing concept where every object communicates
with another object with some intended motive. An object
which has the capability to exchange data when connected over
internet is called an IoT device. It is classified as “Things” in
IoT network. Any object which is not capable of connecting to
the internet for communication is not a part of IoT network and
also not classified as an IoT device.
IoT requires participation of certain entities to be equipped
within the “things” like device specific embedded software,
sensors, actuators, and network supporting components [2].
Irrespective of the wide range of protocols, domains and
applications, the expectation of IoT is to establish interaction
between machines (machine to machine communication) [3].
IoT can also be called the internetworking of physical
objects or devices, vehicles, software, buildings, other
electronic embedded items, sensors, actuators, and other
network connectivity that enable these objects to collect,
exchange and process data. The identification of devices
happens via some method of communication. This method may
include RFID communication, sensor technologies, wireless
technologies or QR codes. Therefore IoT is nothing but
internetworking of physical devices which will detect, collect,
process and exchange data. The IoT is a mammoth network of
connected “things” which include people as well. The possible
relationships are people-people, people-things and things-things.
Communication between the devices happens with the help
of some protocols incorporated in the IoT device or network.
These protocols are different from standard networking
protocols. A few examples of protocols used in IoT are (not
limited to the below):
• MQTT (Message Queuing Telemetry Transport)
• CoAP (Constrained Application Protocol)
• XMPP (Extensible Messaging and Presence Protocol)
• AMQP (Advanced Message Queuing Protocol)
• DDS (Data Distribution Service)
• 6LowPAN
• ZigBee
• SOAP
• NFC and Bluetooth carriers.
II. APPLICATIONS OF IOT
Based on IoT, a wide range of applications is available. In
the coming future, there will be abundant use of intelligent
applications for smarter transportation and communication,
smart enterprises and industries, smarter offices, homes,
smarter healthcare and support. Below are some of the
important applications of IoT [4]:
A. Home Automation: IoT can be engaged in our homes to
dominate various applications like kitchen appliances (smart
fridge, smart ovens, etc.), lighting (includes smart lights and
fans), entertainment gadgets (like smart television, audio
systems, smart speakers, etc.), air conditioning systems and
other home security devices (like smart door bell, smart
security cameras, etc.) [4]. These days smart speakers like
Google Home and Amazon Echo control a lot of your home
appliances with voice commands.
B. Power Grids: IoT is widely spreading within power grids.
The utility and building industries are increasingly vulnerable
to the software attacks and software bugs that can cripple
infrastructure.
C. Healthcare: IoT has plenty of implementations and
applications in the healthcare sector. It can be applicable in a
monitoring platform which helps in early diagnosis of diseases,
which will ascertain prompt medical attention in cases of critical
medical emergencies [4]. IoT is also being implemented in
surgical tools and robots. These robots are widely being
implemented to do accurate surgeries.
D. Air Travel: IoT is spreading in aircrafts as well. Software
vulnerability has been identified in several commercial
aircrafts.
E. Environment Monitoring: IoT has its diverse applications
in our environment. Environmental specialists can make use of
IoT very efficiently and effectively. The technological
assistance of sensors and actuators embedded in the smart
devices can enable our environmental experts to finely monitor
water and air quality. It can also help in monitoring the
atmospheric or soil conditions. With the help of IoT devices the
environment specialists and other people can also get timely
alerts for some undesired calamities which can help in planning
and saving many lives [4].
F. Retail and Industry: Many retail businesses and industries are
implementing IoT. It is difficult to gauge the true risk of
software breaches in the industrial and retail sectors, which
tends to downplay their risk of being compromised.
G. Transportation: Transportation system is not an exception
for non-adaptability of IoT. A smart grid of diverse
components, devices and “things” in a transportation system
will empower robust and smooth automobile communication,
smart vehicle parking system, better traffic control, etc.
[5][6][7][8].
III. ENABLERS OF IOT
Presently, it is very difficult for any of the devices to
communicate with the internet directly (wired or wireless). For
the devices to be part of the IoT it is necessary for them to
connect to the internet and start communicating with the
devices to start exchanging data. An additional technology
needs to be introduced or incorporated in the devices to start
any type of interaction between different devices or “things”.
They are called Identifiers. These identifiers incorporated in
the devices help in device identification [2].
Identifiers use 128 bit address field of IPv6 for universal
network of communication. Uniform Resource Identifier
(URI) is used for identifying the devices in the giant world of
interconnecting devices. "Locator" and "name field" in URIs
are used as device identifiers which bridge the gap between the
devices and existing web technology. For routing and
requesting the service, Distributed Name Service (DNS) and
Uniform Resource Locator (URL) are used jointly. Scheme
specific methods are used to resolve Uniform Resource Names
(URNs) such as globally unique IDs. A distinguishing feature
of physical web is that it considers network URIs as primary
identifier [2].
Proxies use below mentioned components (in silos or
combinations) for identifying the devices in IoT, as depicted in
Fig. 1 [2]:
Fig. 1: Enablers of IoT [2]
A. Near Field Communications (NFC):
RFID played a major role in the rapid evolution of IoT
[9][10]. Recently, a successful technology known as NFC
(Near Field Communication), which is used for electronic
payments and various other applications, is based on the
principal concept of RFID. NFC acts as a bridge between the
two devices for communication. NFC transceivers can be
embedded in smart devices that would empower them to read
and store (URI) passive NFC tags through themselves. As
NFC is cheap, compact and attachable, it could be an efficient
choice for tagging it in any smart devices [2].
B. Quick Response Code (QR Code) and Optical Tag:
Printed tags could be used for low cost tagging in the
implementation of the IoT network. A Quick Response Code
(QR code) is a kind of 2D bar-code which is used to cater easy
access to information through a smart device. Hence it is one
of the efficient best choices to implement in the IoT network
[11][12]. With the help of image processing techniques QR
code is extracted, that outputs a number, URL, text or URI. In
hindsight, reading the QR codes successfully are dependent on
the below two things [2]:
• An application pre-installed on the device to read the QR
code [2].
• Accurate positioning of the camera to focus and decode
the image [2].
C. Structured Tags:
IoT is all about machine to machine interaction. By
applying structured data in an embedded format, various data
storage platforms like cloud service providers and user agents
can intelligently parse data and process them interactively and
proactively. The structured tags behave in a certain way. The
advantage of using structured tags is that it allows you to
create uniformity across applications. It avoids re-learning of
the interfaces in the application [2].
D. Beacons:
Beacon is a small radio transmitter. It constantly transmits
a single signal that other devices can detect or see. It
broadcasts a radio signal which is made up of a combination of
letters and numbers transmitted on a regular interval (almost at
every fraction of a second). A smart device like a smartphone
can "detect" or “see” a beacon once it is in range. With respect
to ranging, beacons have a better utility as compared to NFC
and QR Codes, as they can broadcast a URL along with the
other information [2].
E. Bluetooth Low Energy (BLE):
Bluetooth Low Energy (BLE) is another excellent option
that can be used for tagging. It is widely used in today's world
[13][14]. Most mobile smart phones and other smart devices
are implementing BLE Hardware into them. It caters diverse
capabilities with the help of Operating System support. BLE
identifies known objects in the radius by transmitting an
advertising packet once per second, which consumes very little
power [2]. As it consumes less power, the battery consumption
of the device is very minimal. However, with the expectation
of low power and small form factor comes the challenge of
achieving the security and privacy goals using unreliable, low
bandwidth wireless channels and limited processing power and
storage [15].
IV. HARDWARE CRACKING OF IOT DEVICE
Hardware cracking is one of the processes in Security
Testing Methodology of IoT. It consists of two types of
cracking:
a. Soft Hardware Cracking: In this there is no physical
breakdown of the IoT device. But by adding some
external hardware, there is a change in the nature or
behavior of the IoT device. It is generally referred to as
modifications made to the IoT device without any
physical damage done to the IoT device.
b. Hard Hardware Cracking: In this there is a physical
breakdown of the hardware device to retrieve the
information stored in the microprocessor or
microcontroller (any kind of chip). Sometimes
hardware cracking is not reversible. Once dismantled
it cannot be assembled again and brought back to the
normal working state.
Fig. 2: Types of Hardware Cracking
The above Fig. 2 shows the two types of Hardware cracking.
Using Soft Hardware Cracking method, Bluetooth Low
Energy (BLE) devices can be compromised.
V. TOOLS USED FOR HARDWARE CRACKING
As we are doing Soft Hardware Cracking, following are
the hardware and the software tools that would be used to
compromise the BLE device:
Hardware Tools:
a. Target Device: The targeted device which was
compromised was a Smart LED Bulb.
b. Mobile or a Tablet: Android Mobile phone or a Tablet
which has Bluetooth that is capable of communicating
with the other Bluetooth devices.
c. Bluetooth Adapter: Bluetooth adapter would be
required to detect the Bluetooth devices connected in the
environment.
Device: CSR 4.0.
Software Tools:
a. Linux Virtual Machine: Create a Linux Operating
System virtual machine for cracking the Smart LED bulb.
Some tools would be required to be installed in the OS
for cracking it down.
Linux OS: Ubuntu 14.04
b. Virtualization Software: Any virtualization software
that could create or load Linux Operating System.
c. Tools installed in Linux VM were:
Hcitool: It is a utility which is used to read and write
commands and configurations into the BLE devices.
Gatttool: Gatt stands for Generic Attribute Profile. We
can discover, read, and write characteristics with gatttool.
VI. RESULTS
Soft hardware cracking method was used to hack into the
BLE protocol of Smart bulb. With help of hardware and the
software tools mentioned in the above section, we were
successful in achieving our result of hacking into the Smart
Bulb through BLE protocol. Following are the steps which
were performed to hack into the Smart Bulb remotely:
Step 1: To check whether the Bluetooth adapter has been
configured and detected successfully or not in the Linux
Operating System. This is achieved by installing the tool
“hcitool” and executing the “hciconfig” command. Fig. 3
shows the MAC address of the Bluetooth adapter. This depicts
that the Bluetooth adapter has been successfully installed and
detected.
Fig. 3: Detection of Bluetooth Adapter
Step 2: Identifying the BLE devices in the environment using
“hcitool”. “8*:C2:**:CA:**:52 Cnli**” is the MAC address
of the Smart Bulb. Refer the below Fig. 4 for your reference
with respect to the command and the MAC address.
Fig. 4: MAC address of the Smart Bulb
Step 3: Check whether the adapter can interact with the Smart
Bulb or not. This is done with the help of “Gatttool”. The
switch “--primary” is used to detect and interact with the BLE
device (Smart Bulb), shown in the below Fig. 5.
Fig. 5: Successful interaction with the Smart Bulb
Step 4: After successful interaction of the devices (Bluetooth
adapter and the Smart Bulb), it is time to execute the
commands that would fiddle with the features of the Smart
Bulb. Here we will change the colors of the Smart Bulb with
the help of “Gatttool” from our Ubuntu Linux Machine
(Virtual Machine).
Fig. 6: Command to change the color of the Smart Bulb
Fig. 7: Bulb changes its color to Red after the command is
executed
Fig. 6 depicts a command which is executed to change the
color of the bulb through our Bluetooth adapter which is
interacting with the bulb.
Fig. 7 shows the color of the bulb which changed to Red after
the command was executed.
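An added example (not from the paper): a defender-side audit that decodes the characteristic listing `gatttool --characteristics` prints for a device, so the write-capable handles of the kind used in Steps 3 and 4 can be reviewed and confirmed to require pairing. The sample listing, handles and UUIDs are constructed, and the function names are hypothetical.

```python
import re

# Characteristic property bits from the Bluetooth Core Specification (GATT).
PROPS = {0x01: "broadcast", 0x02: "read", 0x04: "write-without-response",
         0x08: "write", 0x10: "notify", 0x20: "indicate",
         0x40: "signed-write", 0x80: "extended"}
WRITE_MASK = 0x04 | 0x08

# ATT error codes with which a device refuses a request on security grounds.
PROTECTED_ERRORS = {0x05: "insufficient authentication",
                    0x08: "insufficient authorization",
                    0x0C: "insufficient encryption key size",
                    0x0F: "insufficient encryption"}

# One line of the characteristic listing printed by `gatttool --characteristics`.
LINE_RE = re.compile(
    r"handle = 0x(?P<decl>[0-9a-f]{4}), "
    r"char properties = 0x(?P<props>[0-9a-f]{2}), "
    r"char value handle = 0x(?P<value>[0-9a-f]{4}), "
    r"uuid = (?P<uuid>[0-9a-f-]{36})", re.IGNORECASE)

# Constructed sample listing; handles and UUIDs are made up for this example.
SAMPLE_OUTPUT = """\
handle = 0x0002, char properties = 0x02, char value handle = 0x0003, uuid = 00002a00-0000-1000-8000-00805f9b34fb
handle = 0x0004, char properties = 0x02, char value handle = 0x0005, uuid = 00002a01-0000-1000-8000-00805f9b34fb
handle = 0x0010, char properties = 0x12, char value handle = 0x0011, uuid = 0000fff1-0000-1000-8000-00805f9b34fb
handle = 0x0013, char properties = 0x0e, char value handle = 0x0014, uuid = 0000fff3-0000-1000-8000-00805f9b34fb
handle = 0x0016, char properties = 0x04, char value handle = 0x0017, uuid = 12345678-1234-5678-1234-56789abcdef0
"""

def parse_characteristics(text):
    """Return one dict per characteristic line; other lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue
        bits = int(m["props"], 16)
        found.append({
            "value_handle": int(m["value"], 16),
            "uuid": m["uuid"].lower(),
            "props": [name for bit, name in PROPS.items() if bits & bit],
            "writable": bool(bits & WRITE_MASK),
        })
    return found

def write_exposure(text):
    """Characteristics that advertise a write property.

    The property byte only says a write is possible. Whether it needs an
    encrypted or authenticated link is an attribute permission on the device,
    so every entry returned here has to be checked against the firmware.
    """
    return [c for c in parse_characteristics(text) if c["writable"]]

def write_is_protected(att_error):
    """Judge the result of a write from an unpaired test client.

    att_error is None when the device accepted the write, otherwise the ATT
    error code it answered with.
    """
    return att_error in PROTECTED_ERRORS

if __name__ == "__main__":
    for c in write_exposure(SAMPLE_OUTPUT):
        print(f"0x{c['value_handle']:04x} {c['uuid']} {', '.join(c['props'])}")
```

A device that behaves like the bulb in this paper would give `write_is_protected(None) == False` for its color characteristic; after a firmware fix the same unpaired write should come back with one of the listed ATT errors.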
Fig. 8: Another Command to change the color of the Smart Bulb
Fig. 8 depicts another command which is executed to change
the color of the bulb through our Bluetooth adapter which is
interacting with the bulb.
Fig. 9: Bulb changes its color to Purple after the command is
executed
Fig. 9 shows the color of the bulb which changed to Purple
from Red after the command was executed.
Please Note: Some of the parts in the images are purposely
blurred to keep the make of the company confidential.
VII. CONCLUSION
This paper talks about real-time compromising of the BLE
(Bluetooth Low Energy) protocol with soft hardware cracking
methodology. The compromise showcased can therefore
also apply to other IoT devices that
use BLE. It is very important to understand
the need of implementing a secure BLE connection between
the IoT devices. Along with the soft hardware cracking testing
methodology on BLE, different IoT protocols and wider use of
IoT into various applications have also been discussed.
VIII. FUTURE SCOPE
This paper showcased real-time hacking of Smart
Bulb which used BLE (Bluetooth Low Energy) protocol. This
IoT device testing was done in a constrained environment.
Testing more Smart devices with BLE implementation will be
more challenging in the real world scenario. The future scope
of this paper is to test the integrity of Smart devices with BLE
incorporated in them. Bluetooth Low Energy protocol is
incorporated in many IoT devices. These IoT devices are used
in various places like Health care (Hospitals), Smart homes,
Smart Cars, Automated industries, Smart Fridge, Power Grids,
Smart cities, Air travels, etc.
REFERENCES
[1] G. D. Evans, “The Internet of Things—How the next evolution of the
internet is changing everything,” Cisco Internet Business Solutions Group
(IBSG), white paper, 2011.
[2] Reetu Gupta and Rahul Gupta, 'ABC of Internet of Things :
Advancements, Benefits, Challenges, Enablers and Facilities of IoT', IEEE
2016, 2016 Symposium on Colossal Data Analysis and Networking (CDAN),
978-1-5090-0669-4/16.
[3] Vermesan, Ovidiu, and Peter Friess, eds. Internet of things: converging
technologies for smart environments and integrated ecosystems. River
Publishers, 2013.
[4] Idris Afzal Shah, Faizan Amin Malik and Syed Arshid Ahmad, 'Enhancing
Security in IoT based Home Automation using Reed Solomon Codes', IEEE
2016, IEEE WiSPNET 2016 conference, pp. 1639, 978-1-4673-9338-6/16.
[5] J. A. Stankovic, "Research directions for the Internet of Things," IEEE
Internet Things J., vol. 1, no. 1, pp. 3-9, Feb. 2014.
[6] J. Holler, V. Tsiatsis, C. Mulligan, S. Karnouskos, S. Avesand and D.
Boyle, From Machine-to-Machine to the Internet of Things: Introduction to a
New Age of Intelligence, 2014. Elsevier.
[7] G. Kortuem, F. Kawsar, D. Fitton and V. Sundramoorthy, "Smart objects as
building blocks for the Internet of Things," IEEE Internet Comput., vol. 14, pp.
44-51, 2010.
[8] D. Guinard, V. Trifa and E. Wilde, "A resource oriented architecture for the
Web of Things," Proc. Internet Things (IOT), pp. 1-8.
[9] Derawi, Mohammad, and Hao Zhang. "Internet of Things in Real-Life—A
Great Understanding." In Wireless Communications, Networking and
Applications, pp. 337-350. Springer India, 2016.
[10] Darianian, Mohsen, and Martin Peter Michael. "Smart home mobile
RFID-based Internet-of-Things systems and services." In Advanced Computer
Theory and Engineering, 2008. ICACTE'08. International Conference on, pp.
116-120. IEEE, 2008.
[11] Nguyen, Phil Tien, and Ashutosh Aggarwal. "ENHANCED DNS-BASED
SERVICE DISCOVERY IN AN INTERNET OF THINGS (IoT)
ENVIRONMENT." U.S. Patent 20,150,341,446, issued November 26, 2015.
[12] H. Kato and K.T. Tan, “Pervasive 2D Barcodes for Camera Phone
Applications,” IEEE Pervasive Computing, vol. 6, no. 4, 2007, pp. 76–85.
[13] R. Heydon, Bluetooth Low Energy, Prentice Hall, 2013.
[14] Oliveira, P., and P. J. Matos. "BLEGen—A Code Generator for Bluetooth
Low Energy Services." Lecture Notes on Software Engineering 4, no. 1
(2016).
[15] Albert F Harris III, Hari Sundaram, and Robin Kravets,
"Security and Privacy in Public IoT Spaces", Department of
Computer Science, University of Illinois at Urbana-Champaign, IEEE
2016, 978-1-5090-2279-3/16.
978-1-5386-2456-2/18/$31.00 ©2018 IEEE