Identifying the BLE Misconfigurations of IoT Devices through Companion Mobile Apps

Bluetooth Low Energy (BLE) is widely deployed and has become the de-facto communication standard in the IoT ecosystem. Naturally, the security of BLE received much attention from both researchers and attackers. In another aspect, the BLE specifications provide the security guidelines for BLE deployments. Due to various reasons, the developers do not follow the guidelines in the implementation process, which introduces the misconfiguration issue. However, identifying these BLE mis-configurations in IoT device firmware is quite challenging. In this work, we do not handle the BLE-enabled devices directly. Instead, we focus on the security misconfiguration issues in their companion mobile apps, which can reflect the deployment conditions of the corresponding devices. Further, we designed an analysis tool - BSC-Checker to detect the misconfigurations based on pre-defined checking strategies. With BSC-Checker, we conducted large-scale experiments on 4,589 apps from multiple app markets. The result shows that the BLE configurations of most BLE apps disobey at least one security rule, and the current BLE deployment status is not optimistic.