BLENDER - Bluetooth Low Energy discovery and fingerprinting in IoT

Bluetooth Low Energy (BLE) is a pervasive wireless technology all around us today. It is included in most commercial consumer electronic devices manufactured in last years, and billions of BLE-enabled devices are produced every year, including wearable or portable ones like smartphones, smart-watches and smartbands. The success of BLE as a cornerstone in IoT and consumer electronics is both an advantage, giving wireless communication potential in the short range at low cost and consumption, and a disadvantage, from a security and privacy standpoint. BLE exposes packets that enable a potential attacker to detect, enquire and fingerprint actual devices despite manufacturers attempts to avoid detection and tracking. MAC address randomization was introduced in the BLE standard to solve some of these issues. In this paper we discuss how to detect and fingerprint BLE devices, basing our analysis and data collection on GAP (Generic Access Profile) and GATT (Generic Attribute Profile) protocols and data that can be recovered from devices by interactions allowed by the standard. In our study we focus on the possibility of enumerating and creating fingerprints of discovered devices, for crowd monitoring and recognition purposes, associating BLE randomized MAC addresses to actual devices using computed fingerprints when GATT is exploitable. We describe how large scale data collection can be obtained using automatic scanning devices with long range communication hardware, to uplink collected data in cloud-based applications and to a data store.