DEMO: Himiko: A human interface for monitoring and inferring knowledge on Bluetooth-Low-Energy objects

Guillaume Celosia 1, 2 Mathieu Cunche 1, 2
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : The Bluetooth Low Energy (BLE) protocol is being included in a growing number of connected objects such as smartphones, fitness trackers, headphones and smartwatches. As part of the service discovery mechanism of BLE, devices announce themselves by broadcasting radio signals called advertisement packets that can be collected with off-the-shelf hardware and software. To avoid the risk of tracking based on those messages, BLE features an address randomization mechanism that substitutes the device MAC address with random temporary pseudonyms. However, the payload of the advertisement packet still contains fields that can hamper the ran-domization mechanism by exposing counters and static identifiers. In addition to defeating the randomization mechanism, some of these fields can leak sensitive attributes of the owner such as his medical condition. As a consequence, we implemented Himiko to raise awareness about the privacy issues that the BLE advertising mechanism can involve. This tool aims to show the information that a passive eaves-dropper can infer by leveraging the contents of BLE advertisement packets. The advertising raw data are collected and processed from devices that have their Bluetooth interface enabled. The user is then shown the information that are leaking from his device.
Document type :
Poster communications
Complete list of metadatas

Cited literature [8 references]  Display  Hide  Download

https://hal.inria.fr/hal-02154148
Contributor : Mathieu Cunche <>
Submitted on : Thursday, June 13, 2019 - 10:19:08 AM
Last modification on : Friday, June 21, 2019 - 9:56:48 AM

File

himiko_WiSec_2019.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Guillaume Celosia, Mathieu Cunche. DEMO: Himiko: A human interface for monitoring and inferring knowledge on Bluetooth-Low-Energy objects. WiSec 2019 - 12th Conference on Security and Privacy in Wireless and Mobile Networks, May 2019, Miami, United States. ACM Press, pp.292-293, ⟨10.1145/3317549.3326297⟩. ⟨hal-02154148⟩

Share

Metrics

Record views

27

Files downloads

371