BLEWhisperer: Exploiting BLE Advertisements for Data Exfiltration
Ankit Gangwal, Shubham Singh, Riccardo Spolaor, Abhijeet Srivastava

TL;DR
This paper demonstrates how BLE advertisements can be exploited by attackers to exfiltrate data from devices without authentication, highlighting a new security vulnerability in BLE technology.
Contribution
The paper introduces a novel attack framework exploiting BLE advertisements for covert data exfiltration without prior pairing or authentication.
Findings
Exfiltration is feasible with limited data rate
Attack works on Android devices
Potential for more severe attack enhancements
Abstract
Bluetooth technology has enabled short-range wireless communication for billions of devices. Bluetooth Low-Energy (BLE) variant aims at improving power consumption on battery-constrained devices. BLE-enabled devices broadcast information (e.g., as beacons) to nearby devices via advertisements. Unfortunately, such functionality can become a double-edged sword at the hands of attackers. In this paper, we primarily show how an attacker can exploit BLE advertisements to exfiltrate information from BLE-enabled devices. In particular, our attack establishes a communication medium between two devices without requiring any prior authentication or pairing. We develop a proof-of-concept attack framework on the Android ecosystem and assess its performance via a thorough set of experiments. Our results indicate that such an exfiltration attack is indeed possible though with a limited data rate.…
Taxonomy
Topics: Bluetooth and Wireless Communication Technologies · Opportunistic and Delay-Tolerant Networks · Privacy, Security, and Data Protection
