Address Vulnerability in BLE

A BLE device can use four types of addresses: public addresses, random static addresses, private resolvable addresses and private unresolvable addresses. They can be described as follows:

1. Public address: These addresses are assigned by manufacturers and remain persistent for the life of the device.

2. Random static address: These are random addresses and can change on every power cycle of the device.

3. Private resolvable address: These are random addresses generated using a key, and only a master that has the key can resolve them. These addresses change after a fixed interval of time.

4. Private unresolvable address: These are random addresses that don't use a key. The master can't resolve these addresses, and they also change after a fixed interval of time.

A hacker can spoof the address of a BLE peripheral to connect to the master and act as that peripheral, so the master won't connect to the right device. A hacker can also spoof the address of a master to connect to the peripheral. Most peripherals are limited to connecting to only one master, so a peripheral connected to a spoofed master won't be able to connect to the right master. Address spoofing is therefore an easy way for hackers to disrupt the network.

On a vulnerability scale, public addresses are the most vulnerable: because a public address is persistent, the device can be an easy target for man-in-the-middle (MITM) attacks. Private unresolvable addresses are the least vulnerable because they keep changing and can't be tracked by the hacker. However, there are fewer use cases for private unresolvable addresses, because even the master can't track the device.
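The following is an added example, not code from the original post: it sorts observed addresses into the four types above and flags the ones that stay observable long enough to be tracked. It relies on the Bluetooth Core Specification rule that the two most significant bits of a random address encode its subtype; the `classify` and `audit` names, the 900-second window and the scan log are assumptions constructed for illustration.

```python
from collections import defaultdict

# Random-address subtype lives in the two most significant bits of the
# 48-bit address (first octet as printed), per the Bluetooth Core Specification.
SUBTYPES = {0b11: "random static", 0b01: "private resolvable",
            0b00: "private unresolvable", 0b10: "reserved"}

def classify(address: str, is_random: bool) -> str:
    """Return the address type. is_random is the address-type flag reported
    by the scanner; public addresses cannot be recognised from their bits."""
    octets = bytes.fromhex(address.replace(":", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit address: {address!r}")
    if not is_random:
        return "public"
    return SUBTYPES[octets[0] >> 6]

def audit(observations, window_s=900):
    """Flag addresses that are persistent by type, or that were seen for
    longer than window_s seconds (assumed rotation limit) without changing."""
    seen, kinds = defaultdict(list), {}
    for ts, addr, is_random in observations:
        seen[addr].append(ts)
        kinds[addr] = classify(addr, is_random)
    report = {}
    for addr, stamps in seen.items():
        lifetime = max(stamps) - min(stamps)
        persistent = kinds[addr] in ("public", "random static")
        report[addr] = {"type": kinds[addr], "seen_for_s": lifetime,
                        "trackable": persistent or lifetime > window_s}
    return report

# Constructed scan log (not real devices): (unix_time, address, random flag)
SAMPLE = [
    (0,    "00:1A:7D:DA:71:13", False),  # public
    (3600, "00:1A:7D:DA:71:13", False),
    (0,    "C4:64:E3:01:02:03", True),   # top bits 11 -> random static
    (0,    "5B:22:10:AA:BB:CC", True),   # top bits 01 -> private resolvable
    (600,  "5B:22:10:AA:BB:CC", True),
    (0,    "2F:00:11:22:33:44", True),   # top bits 00 -> private unresolvable
    (4000, "2F:00:11:22:33:44", True),   # never rotated, so it is flagged
]

if __name__ == "__main__":
    for addr, row in audit(SAMPLE).items():
        print(addr, row)
```

The last sample device shows that a private address only helps if the device really rotates it; one that keeps the same value past the window is as trackable as a public address.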
