Privacy Analysis of Samsungs Crowd-Sourced Bluetooth Location Tracking System

2025-05-02 0 0 1.06MB 23 页 10玖币

侵权投诉

Privacy Analysis of Samsung’s Crowd-Sourced Bluetooth

Location Tracking System

Tingfeng Yu

School of Computing

The Australian National University

Canberra, ACT, Australia

James Henderson

School of Computing

The Australian National University

Canberra, ACT, Australia

Alwen Tiu

School of Computing

The Australian National University

Canberra, ACT, Australia

Thomas Haines

School of Computing

The Australian National University

Canberra, ACT, Australia

ABSTRACT

We present a detailed privacy analysis of Samsung’s Oine Finding

(OF) protocol, which is part of Samsung’s Find My Mobile (FMM) lo-

cation tracking system for locating Samsung mobile devices, such as

Samsung smartphones and Bluetooth trackers (Galaxy SmartTags).

The OF protocol uses Bluetooth Low Energy (BLE) to broadcast

a unique beacon for a lost device. This beacon is then picked up

by nearby Samsung phones or tablets (the nder devices), which

then forward the unique beacon, along with the location it was

detected at, to a Samsung managed server. The owner of a lost

device can then query the server to locate their device. We examine

several security and privacy related properties of the OF protocol

and its implementation, from the perspectives of the owner, the

nder and the vendor. These include examining: the possibility

of identifying the owner of a device through the Bluetooth data

obtained from the device, the possibility for a malicious actor to

perform unwanted tracking against a person by exploiting the OF

network, the possibility for the vendor to de-anonymise location

reports to determine the locations of the owners or the nders of

lost devices, and the possibility for an attacker to compromise the

integrity of the location reports. Our ndings suggest that there

are privacy risks on all accounts, arising from issues in the design

and the implementation of the OF protocol.

CCS CONCEPTS

•Security and privacy →Mobile and wireless security

;Secu-

rity protocols.

KEYWORDS

Location Privacy, Mobile Devices, tracking tags, Bluetooth, Smart-

Tags

1 INTRODUCTION

Portable devices such as smart phones and tablets often come with

a feature that allows their owner to nd those devices when they

are lost, typically through the use of a web portal provided by their

vendors. For such a feature to work, the owner would have to grant

a permission for the device to share their locations periodically with

the vendor. Examples of such a lost-device nding feature include

Technical Report, 2023, ANU

2023. https://doi.org/XXXXXXX.XXXXXXX

Google’s Find My Device,

Samsung’s Find My Mobile (FMM)

and

Apple’s Find My.

A typical requirement for such a feature to work

is that the lost device must be connected to the internet so that it

can send its location report to a vendor server in the event that

its owner ags the device as lost. It often comes with additional

features such as playing sound on the device, locking the device or

wiping o its data remotely.

In recent years, mobile device manufacturers such as Samsung

and Apple have extended their lost-device tracking systems with

an oine nding (OF) feature, which allows a lost mobile device to

be found even when it does not have an internet connection. Both

Apple and Samsung OF features share two key features: the use of

Bluetooth Low Energy (BLE) for short range transmission of data

between devices of a vendor, and crucially, an extensive network

of (internet-connected) mobile devices (which we call nder de-

vices) that relay location information to a vendor controlled server.

We refer to the latter as the OF network. The basic idea is quite

simple: when a (lost) device loses its internet connection, it starts

broadcasting a unique beacon over BLE, which is then picked up by

nearby nder devices participating in the OF network, who then

forward the beacon and the location it is found to a vendor server.

In this work, we are mainly concerned with Samsung’s FMM Oine

Finding (OF) feature,

which was introduced in 2020. An owner

can track their devices’ locations through Samsung’s proprietary

"Find My Mobile" (FMM) application running in a Samsung mobile

device (e.g., a phone or a tablet), provided that the FMM feature is

enabled for the device.

In 2021, Samsung released the Galaxy SmartTag,

which is a

small BLE tracker that can be attached to various items, such as

bags, keys, etc., to keep track of their locations and to nd them

when lost. Unlike smart phones or tablets, SmarTags are designed

exclusively to be used as a tracking device, with no internet connec-

tivity. So they rely crucially on the OF network to allow for long

range location tracking (outside the range of BLE). SmartTags are

registered and controlled through SmartThings, which is an um-

brella control and management platform for a large variety of smart

devices and home appliances. OF is also supported for SmartTags

1https://www.google.com/android/nd/

2https://ndmymobile.samsung.com/

3https://support.apple.com/nd-my

4https://www.samsung.com/au/apps/nd-my-mobile/

5https://en.wikipedia.org/wiki/Samsung_Galaxy_SmartTag

arXiv:2210.14702v1 [cs.CR] 26 Oct 2022

Technical Report, 2023, ANU T. Yu et al.

using the "SmartThings Find" add-on which works in conjunction

with FMM.

At a basic level, devices in Samsung’s OF network can be catego-

rized into three roles: the owner device, the nder device, and the

lost device. A mobile device can be registered to the Samsung OF

network through the FMM app, while a SmartTag can be registered

through Samsung SmartThings app. Each registered device is linked

to the owner account under which it was registered from. When

a registered device loses internet connectivity, or in the case of

SmartTags, when it is out of the BLE range from its owner device,

it broadcasts certain data over BLE periodically. This data contains

a rotating identier, called the privacy ID, which is unique to the

lost device and which, in theory, can only be linked to its owner

by Samsung and the owner device. The nder devices consist of

both Samsung devices (phones and tablets), and some third parties’

devices with FMM enabled. An active nder device periodically

scans for BLE advertisements from nearby FMM devices and re-

ports the locations of those devices to a Samsung’s server. The

location reports of the lost devices will be downloaded onto the

owner device when the owner queries the locations of their lost

devices. The eectiveness of the OF feature depends on the size of

its OF network, i.e., the number of phones or tablets participating

in the network. In the case of Samsung OF network, it is estimated

to have around 200 million active nder devices [12] in 2022.

This paper describes in detail the design and the implementation

of Samsung’s OF protocol for FMM and SmartTags, and analyse its

security and privacy. We focus on the following research questions:

(RQ1)

Identication of an FMM device or a SmartTag. Can an FMM

device or a SmartTag be identied through its BLE data?

(RQ2)

Unwanted tracking. Can Samsung OF network be misused

for unwanted tracking of a person or an object by a party

other than Samsung?

(RQ3)

End-to-end location privacy. To what extent does the design

of the OF network protocol protect the location privacy of the

lost devices and the nder devices from the service provider

(Samsung)?

(RQ4)

Location report integrity. Is it possible for an actor (other

than the owner and the vendor) to forge a location report of

a lost device?

RQ1 centers around the privacy protection of the owner of an FMM

device or a SmartTag against (long term or short term) tracking

of their location through the BLE data emitted by the device, by

a third party adversary (other than the owner and the vendor).

RQ2 addresses a recent phenomenon, mostly associated with Apple

AirTags, where the tags were used by their owner to stalk a person

against their consent [

]. In this case the victim of an unwanted

tracking may even be someone who does not own any devices from

the vendor and thus not participating in the OF network. RQ3 raises

the question as to what extent Samsung is aware of the movement

of both the owners of the devices being tracked and the nder

devices. Whereas Apple advertised their OF network as providing

end-to-end privacy, in the sense that the service provider (Apple)

has no way of recovering the location information sent through its

OF network [

], Samsung provided no such claim as far as we are

aware of. RQ4 is more of a security (integrity) issue rather than a

privacy one. However, the possibility of disrupting location reports,

under the right circumstances, can act as an ad hoc measure for

addressing unwanted tracking (RQ2).

Summary of contributions. To the best of our knowledge, we are

the rst to provide a detailed analysis on Samsung oine-nding

protocols and its privacy issues. More precisely, our contributions

are the following:

•

We provide a comprehensive reverse-engineering of Sam-

sung OF protocols for both mobile devices and SmartTags.

This includes the registration protocols for SmartTags, the

cryptographic methods for generating unique identiers for

lost devices, the protocol for the nder devices to report

location information to Samsung, and the protocol for the

owners to query the location of their lost devices. This eort

allows us to answer denitively the research questions raised

above (RQ1 to RQ3).

•

We identied several vulnerabilities in both FMM and Smart-

Tags that would allow an attacker to link BLE packets ob-

served from a target device over multiple observations, through

BLE interactions only. This allows us to conclude denitively

that long term identication of a device or a tag (RQ1) is

possible through its BLE data only.

•

Through our analysis of the OF protocols, we managed to

impersonate completely a SmartTag to the OF networks.

This opens the possibility of creating a custom tracking de-

vice that can be tuned to circumvent potential anti-tracking

mechanisms by the vendor.

•

Our analysis also conrmed that unwanted tracking (RQ2)

is possible. This is, however, a rather easy observation as

Samsung (at the time of writing) only implements a very

basic anti-tracking mechanism that is targetted at observing

BLE data from SmartTags. Given our result above, it is quite

straightforward to circumvent this detection by crafting a

custom tracking device leveraging Samsung’s OF network.

•

Our analysis of the registration process and the location

report/querying protocols suggests that the vendor does in-

deed possess the information needed to link an account to a

location report, so currently Samsung OF network does not

guarantee end-to-end privacy for their users (RQ3). More-

over, the vendor server does not appear to check the integrity

of the location reports, opening it to manipulation by third

parties to forge the location reports (RQ4).

Coordinated disclosure

We have reported our ndings related to RQ1, RQ2 and RQ4 to

Samsung in late January 2022. One of the issues we raised concerns

the small pool of privacy IDs being used for FMM BLE packets,

which has now been publicly acknowledged and assigned SVE-

2022-0126 ("Improper identier creation logic in Find My Mobile ")

and registered as CVE-2022-33707 at MITRE. Samsung claimed that

they have xed this issue in the July 2022 update to the FMM app,

however at the time of writing, we have not yet tested whether the

x addresses the issues related to RQ1. Samsung has also issued us

a bug bounty reward for this report. The issues aecting SmartTags

have not yet been completely resolved. Samsung claimed they have

addressed some of the issues we raised in a rmware update to

SmartTags, but we have not yet performed detailed analysis on the

Privacy Analysis of Samsung’s Crowd-Sourced Bluetooth Location Tracking System Technical Report, 2023, ANU

updates. Samsung did conrm that they would not x the issue of de-

anonymisation through BLE DFU mode (see Section 5.1.3) as they

claimed it would interfere with their device rmware download

and update process at their repair centre. We have allowed ample

time for Samsung to address these issues, exceeding the industry

standard of 90-day embargo period, hence the publication of these

details.

Related work

We now provide a literature review on existing security and privacy

analysis of Samsung and Apple’s Bluetooth trackers, Oine Finding

(OF) networks, continuity protocols, and other relevant products

that implement Bluetooth technology.

Apple’s Oine Finding Network. The closest to our work is the

security and privacy analysis of Apple’s FindMy oine-nding net-

work by Heinrich, et. al. [

]. Their study uncovered two design and

implementation aws outside Apple’s adversary model that could

lead to location correlation attacks and unauthorized access to lo-

cation histories of the past week. They reverse-engineered FindMy

protocols and showed that one could create custom tracking devices

leveraging on the FindMy network through their OpenHaystack

framework.6

Samsung FMM App. Researchers at Char49 discovered several

vulnerabilities [

] in an earlier version of Samsung FMM app, al-

lowing, among others, a malicious app installed in the phone to

manipulate the URL endpoint accessed by the FMM app, and to ac-

cess unprotected broadcast receivers in the FMM app. This analysis

was done prior to the introduction of the oine-nding features to

FMM, so it did not cover the OF related vulnerabilities.

Hardware and rmware security of AirTags and SmartTags. Both

Apple AirTags and Samsung SmartTags are implemented using

the nRF52 series of System on Chips (SoC). The nRF52 series have

been used for a wide range of Internet of Things (IoT) devices; they

support a variety of wireless communication protocols, such as

Bluetooth LE and Bluetooth Mesh. However, the nRF52 series chips

are known to be vulnerable to power glitching attacks. AirTags use

the nRF52832 chip for BLE and Near Field Communication (NFC)

connectivity. Roth et. al. analysed the hardware and the rmware

security of AirTags, and documented AirTags’ communication pro-

tocols in detail [

]. The main rmware of the AirTag was extracted

through voltage glitching attacks on its nRF chip. By reprogram-

ming the rmware and changing the conguration data, they were

able to

•

modify the internal behavior of AirTags, including cloning

an AirTag, customizing the soundset of the AirTag, using

the AirTag’s accelerometer as microphone;

•

change the BLE and NFC behavior of AirTags which can

potentially be exploited for malicious purposes.

By instrumenting the iPhone-AirTag interface, they were also able

to unlock undocumented commands and features on AirTags over-

the-air without hardware modication.

Galaxy SmartTags use the Nordic nRF52833 chip. Luca Bongiorni

exploited a voltage fault injection vulnerability on the nRF52833

6https://github.com/seemoo-lab/openhaystack

chips to dump the rmware of SmartTags and released the dumped

rmware images and information related to the attack,

although

as far as we know the author did not attempt a reverse engineering

of the OF protocol for SmartTags.

Bluetooth trackers from other vendors. Apple and Samsung are

relatively newcomers when it comes to bluetooth tracking dvices.

There were already a number of bluetooth trackers in the market

prior to the introduction of AirTags and SmartTags, notably the

Tile tracker; see Weller et. al. [

] for a recent survey on these

trackers. Weller et. al. also presented a detailed analysis of the secu-

rity and privacy aspects of various commercial Bluetooth trackers,

including Nut, Smart Tracker, Tile, Musegear nder, iTrackEasy,

Cube Tracker, Keeper, iTracing, iSearching, and FindELFI, focusing

on the interactions of these nders, their associated mobile apps

and the backend cloud servers for crowdsourced location tracking.

However, they did not analyse the privacy issues arising from the

BLE protocols used in these trackers.

Anti-Tracking Technologies. Apple’s FindMy network consists of

hundreds of millions of active devices, which has raised a concern

on whether an attacker can abuse the network for malicious track-

ing. Apple has developed and implemented an in-built anti-tracking

framework, which would send users a safety alert if it is detected

that they have been followed by an unknown FindMy tracker.

In 2021, Mayberry et al. analysed the eectiveness of Apple’s

in-built anti-tracking mechanisms, then developed and conrmed

three techniques to defeat the mechanisms [

]. The rst technique

is Bit Flipping. The OF advertisement data of FindMy supported

devices follows a xed structure, where type of the device is stored

in byte 2 of the advertisement data. Mayberry et al. found that when

byte 2 is set to 0x00, which indicates that the device type is iPhone,

FindMy would not report the device as a tracker regardless of its

tracking period and distance. A legitimate FindMy device broadcasts

OF data containing a rolling key shared between the owner and the

device when it is away from the owner and performs MAC address

randomization and advertisement data rotation in-sync every 24

hours. The other two techniques are both based on frequent Key

Rotations to prevent anti-tracking algorithms from identifying a

tracker device based on the key. The dierence is that in the second

technique, a new key is selected from a large pre-generated set

of valid keys when rotating the advertisement data. In the last

technique, each new key is generated deterministically using the

rolling key generation algorithm used by FindMy devices. Mayberry

et al.’s study has shown that the iOS tracking detection is unable to

detect FindMy trackers with fast advertisement payload rotations

or mark devices broadcasting OF data in the lost iPhone format as

trackers. Therefore, an adversary can easily bypass Apple’s anti-

tracking mechanism by customizing a Bluetooth capable device

that implements either of the above techniques and track a target

without being detected.

AirGuard is an anti-tracking application designed and developed

by researchers from SEEMOO lab [

]. AirGuard is an open-sourced

Android application that was mainly designed to protect Android

users from BLE trackers that leverage on Apple’s OF network. The

experiment results show that AirGuard achieved a higher success

7https://github.com/whid-injector/Samsung-SmartTag-Hack

Technical Report, 2023, ANU T. Yu et al.

rate, a lower false positive rate, and lower notication delay in iden-

tifying and reporting trackers under various tracking scenarios in

comparison to Apple’s in-built anti-tracking feature. The AirGuard

categorizes devices into 5 types: Apple device, Airpod, FindMy ac-

cessory, AirTag, and Tile tracker. At the time of writing, AirGuard

does not yet support detection of SmartTags.

Analysis of Apple’s Continuity Protocols. Continuity protocols are

underlying protocols used for Apple’s continuity services, which

aim to allow dierent devices within Apple’s ecosystem to share

data seamlessly. The protocols rely on BLE for data exchange.

Celosia et. al. [

] reverse engineered Apple’s continuity protocols

and uncovered several implementation issues that can be used for

passive and active tracking attacks, including: broadcast of Blue-

tooth data on identity addresses, infrequent randomization of MAC

addresses, identiers and other sensitive information contained in

BLE advertisement data. Martin et. al. [

] discovered that the BLE

advertisement of HandO messages in the continuity protocols

contains a predictable incremental sequence.

These found issues would result in privacy leaks with severity

ranging from low (e.g., leakage of battery level) to high (e.g., leak-

age of phone number in plaintext) and defeats the anti-tracking

provisions in BLE as the leaked data can be used by an adversary

to perform long-term tracking of a device passively.

General BLE Related Security and Privacy Issues. A Bluetooth de-

vice can be uniquely identied by its Bluetooth MAC address. There-

fore, to avoid long-term tracking of a Bluetooth device, vendors

often implement anti-tracking mechanisms, such as randomization

of a device’s Bluetooth MAC address periodically.

However, multiple privacy issues have been found in the current

implementations of BLE advertising mechanism and GATT proles

content of Bluetooth devices, which can be utilized to defeat such

anti-tracking mechanisms or to retrieve sensitive information that

could aect the owner of the device.

Celosia et. al. analysed the data exposed in the GATT proles

based on a large dataset of GATT proles collected in daily envi-

ronments [

]. It was shown that content of a GATT prole may

contain identiers or diverse data that act as a ngerprint of the

device, which allows long-term tracking of a Bluetooth device re-

gardless of the MAC address randomization. The result has also

shown that the data exposed within a GATT prole may contain

sensitive information to be inferred, such as health data, which

would violate the privacy of the device owner.

Celosia et. al.’s privacy analysis on the current implementations

of BLE advertising mechanism has shown multiple common imple-

mentation mistakes that could result in privacy threats to the device

or the device’s owner [

]. (1) Many devices still use a stable Blue-

tooth MAC address, which is vulnerable to long-term tracking. (2)

Devices that implements MAC address randomization may contain

unique data in the BLE advertisement packets that allows the device

to be identied and tracked. (3) The interval of the MAC address

randomization exceeds the recommended maximum duration of 15

minutes.

Outline

The remainder of the paper is structured as follows: We give a brief

overview of some basic cryptographic operations related to Sam-

sung’s OF protocols in Section 2. In Section 3 and 4, we present the

technical details of OF protocols for FMM and SmartTags that result

from our reverse engineering eorts. In Section 5, we perform a

security and privacy analysis on Samsung’s OF feature based on our

ndings discussed in previous sections and list each vulnerabilities.

Finally, Sections 6 and 7 concludes our work with a discussion of

the impact.

2 BACKGROUND

This section gives a very brief overview of the relevant crypto-

graphic functions used in the Samsung OF protocols and some

basic concepts related to BLE.

2.1 ECDH key exchange and AES block cipher

There are two main cryptographic constructions used in the OF

protocol: the Elliptic-curve Die-Hellman (ECDH) key exchange

protocol and the AES block cipher and its associated encryption

modes. The ECDH protocol is a key exchange protocol that allows

two participants in a protocol, without a prior shared secret, to

derive a common secret, that can be used to derive other keys,

e.g., for encryption or for message authentication. The AES block

cipher is a symmetric encryption algorithm that is widely used for

data encryption, and as a building block for other cryptographic

functions. We explain briey each of these constructions. For further

details, we refer the interested reader to [

] (for ECDH) and [

]

for the AES algorithm.

The ECDH builds on the Die-Hellman key exchange proto-

col [

], where the underlying group operations are dened over

an elliptic curve. For our purposes, an elliptic curve (EC) is a

plane curve over a nite eld

𝐹𝑞

. It can be dened by the set

of points

(𝑥, 𝑦) ∈ 𝐹𝑞×𝐹𝑞

that satises the Weierstrass equation

𝐸

𝑦2+𝑎1𝑥𝑦 +𝑎3𝑦=𝑥3+𝑎2𝑥2+𝑎4𝑥+𝑎6

, if certain conditions

hold [

]. Given an EC point

𝑃

and a scalar

𝑘

, scalar multiplication

𝑘𝑃 =𝑄

can be computed in a few steps using a combination of

scalar multiplication and point addition. In contrast, computing the

discrete logarithm

log𝑃(𝑄)

, such as the reverse operation: nding

𝑘∈𝑍

such that

𝑄=𝑘𝑃

is hard and considered infeasible when a

suciently large nite eld

𝐹𝑞

and a curve with carefully selected

domain parameters were used. This asymmetry in the computa-

tional complexity encodes the security assumption for elliptic curve

cryptography (ECC), where the security level is based on the dif-

culty of solving the Elliptic Curve Discrete Logarithm Problem

(ECDLP).

In ECC, a private key 𝑘is an integer. The corresponding public

key

𝑃

is computed by

𝑃=𝑘𝐺

, where

𝐺

is the generator point, a

special pre-dened EC point that any point in its EC subgroup can

be generated by scalar multiplication of

𝐺

;

𝑝

is the order of the

curve, which denes the nite eld 𝐹𝑞the curve is over.

ECC is often combined with the traditional Die-Hellman proto-

col for establishing shared keys over public channels. A simple key

exchange procedure using Elliptic-curve Die–Hellman (ECDH)

can represented as follows:

•

The generator point

𝐺

and the order

𝑝

are public parameters.

Privacy Analysis of Samsung’s Crowd-Sourced Bluetooth Location Tracking System Technical Report, 2023, ANU

•

Peer A has a private key

𝑎

and the corresponding public key

𝐴=𝑎𝐺

. Peer B has a private key

𝑏

and the corresponding

public key 𝐵=𝑏𝐺.

•

Public key exchange: Peer A and B exchange their public

keys over an authenticated public channel.

•

Shared key computation: Peer A then uses the public key

𝐵

from peer B and the private key

𝑎

to arrive the secret key

𝐴𝑘𝑒𝑦 =𝑎𝐵 =𝑎𝑏𝐺

. Peer B performs the same computation

process using private key

𝑏

and peer A’s public key

𝐴

, which

would produce the same key 𝐵𝑘𝑒𝑦 =𝑏𝐴 =𝑎𝑏𝐺 =𝐴𝑘𝑒𝑦 .

Samsung’s OF implementation of ECDH uses the elliptic curve

Curve25519 [

], which was designed to achieve high speeds at

computation without compromising the security strength. It is

dened by the Montgomery equation

𝑦2=𝑥3+

486662

𝑥2+𝑥

over

the prime eld of order 2255 −19 with a generator point 𝐺=9.

The Advanced Encryption Standard (AES) algorithm [

] is a

symmetric cipher, which means that the same key is used for the

encryption and decryption process. Hence, the same cryptographic

key must be shared between the sender and the recipient in or-

der for them to communicate securely. AES oers cryptographic

keys with size 128, 192 and 256 bits. The cipher encrypts/decrypts

plaintext/ciphertext in blocks of 128 bits data.

AES, like all block-ciphers, has multiple standardized mode of

operations, where each mode describes a way to apply the single-

block operation of the cipher to securely transform data longer

than the block size. To encrypt data that is not in blocks of 128 bits

using AES, the padding process must be applied to the last block

to extend the data to a multiple of the block size. Samsung’s FMM

and SmartTags implements AES CBC mode cipher with PKCS#7

padding scheme [

] to encrypt/decrypt data for various OF related

operations. If the last block of a plaintext has a length of 16

−𝑛

bytes,

the PKCS#7 standard species that

𝑛

bytes need to be appended to

the plaintext, where each padded byte has a value of 𝑛(in hex).

The CBC encryption mode uses a 128-bit initialisation vector

(IV), that is often used to introduce some nondeterminism in the

ciphertext. Given a plaintext with

𝑛

blocks (

𝑃0, . . . , 𝑃𝑛−1

), an IV and

an encryption key

𝑘

, the CBC mode produces the ciphertext blocks

𝐶0, . . . ,𝐶𝑛−1as follows:

𝐶0=𝐸𝑘(𝑃0⊕𝐼𝑉 )

𝐶𝑖=𝐸𝑘(𝑃𝑖⊕𝐶𝑖−1),for 𝑖∈ [1, . . . , 𝑛)

where

𝐸𝑘

refers to the AES blockcipher algorithm with key

𝑘

and

⊕

refers to the bitwise exclusive-OR (XOR) operation. The IV is

XORed with the rst block of plaintext (

𝑃0

) to introduce some non-

determinism. Then it is encrypted to create the rst ciphertext block

(

𝐶0

). Each subsequent plaintext block (

𝑃𝑖

) is XORed with the pre-

vious ciphertext block (

𝐶𝑖−1

) then encrypted using the encryption

key.

The AES algorithm is also used in the Bluetooth Low Energy

(BLE) Specication for key generation, which will be discussed in

Section 2.2.4.

AES-CBC can also be used as a Message Authentication Code

(MAC) in which case the IV should be xed, or at least unpredictable

and uncontrolled by the adversary, and care must be taken to pre-

vent message extension attacks. The use of AES-CBC in OF is very

strange as well shall elaborate on later. It is congured in such a

way that it is neither used in a standard manner for encryption nor

authentication and hence provides dubious security for both pur-

poses. Given that underlying hardware did support authenticated

encryption modes, we are mystied as to why Samsung decided to

use AES-CBC in such a non-standard way.

2.2 Bluetooth Low Energy (BLE)

SmartTags uses Bluetooth Low Energy (BLE) [

] for data trans-

mission. BLE is a wireless communication technology designed for

short-range data transmission. It has been widely applied to small

battery-powered devices that do not require continuous streaming

of data, such as tness trackers and smartwatches.

2.2.1 BLE protocol stack. The protocol stack of BLE can be broken

down into three blocks: application, host, and controller. The Appli-

cation is the highest layer in the protocol stack, it is responsible for

the data handling, application logic, and human-machine interface.

The architecture is dependent on the specic use-case and imple-

mentation. The Host is a software stack that consists of the upper

layers and proles in the BLE protocol stack. Each prole denes

ways for certain protocols in the stack to interact with each other

or work together. The Controller is a subsystem that consists of

the lower layers in the protocol stack. It is responsible for gener-

ating/receiving, modulation and demodulation of RF signals. This

section will provide details on the two proles contained in the

Host block, which are the Generic Attribute Prole (GATT) and

the Generic Access Prole (GAP).

GAP provides guidelines for the advertising and connection

functionalities that any BLE implementations must follow. A BLE

device needs to operate in one or more roles to participate in the

BLE network, and it may operate in multiple roles simultaneously.

These roles are:

•

Advertiser: a device that sends out BLE data that is available

to any nearby Bluetooth capable devices.

•

Observer: a device that listens to BLE advertisement data

and may process the data from Advertisers. An observer is

not connected to any advertisers.

•

Central: A central is a device that initiates a connection

after rst receiving advertisement data from an advertising

peripheral. A central can connect to multiple peripheral

devices.

•

Peripheral: A peripheral is a device that advertises BLE data

to announce its presence to the centrals and accepts the

incoming connection from a central. Upon connection, the

peripheral device stops broadcasting BLE data and remains

undiscoverable throughout the connection.

GATT denes how data is organized and exchanged over an

established connection between BLE devices. It is build on top of

Attribute Prole (ATT) protocol that provides the mechanisms for

data exchange in the form of “attributes". An attribute is dened by

a 4-byte handle, a 128-bit UUID, a set of permissions, and a value.

The attribute handle is used as the identier to access the attribute

value. The UUID species the type of data the attribute contains.

GATT extends ATT by dening dierent types of attributes to

provide a hierarchical structure for organising user data, which in-

clude services, characteristics, and descriptors, as detailed in Figure

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

10 玖币 0人已下载

立即下载

摘要：

PrivacyAnalysisofSamsung’sCrowd-SourcedBluetoothLocationTrackingSystemTingfengYuSchoolofComputingTheAustralianNationalUniversityCanberra,ACT,AustraliaJamesHendersonSchoolofComputingTheAustralianNationalUniversityCanberra,ACT,AustraliaAlwenTiuSchoolofComputingTheAustralianNationalUniversityCanberra,A...

展开>> 收起<<

Privacy Analysis of Samsungs Crowd-Sourced Bluetooth Location Tracking System.pdf

共23页,预览5页

还剩页未读，继续阅读

声明：本站为文档C2C交易模式，即用户上传的文档直接被用户下载，本站只是中间服务平台，本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间，仅对用户上传内容的表现方式做保护处理，对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私，请立即通知玖贝云文库，我们立即给予删除！

Privacy Analysis of Samsungs Crowd-Sourced Bluetooth Location Tracking System

相关推荐

开通VIP享超值会员特权

作者详情

相关内容

热门标签

举报选择: