Security Risks in Simblee and Possible Methods to Defend - lily-ice/SW3009-Security-Risks-in-Simblee-and-Possible-Methods-to-Defend GitHub Wiki
ABSTRACT
The objective of this paper is to investigate whether exploitable flaws exist in the communication between Simblee and mobile phones and, if so, to propose a way of defending against them. We found flaws in the connection process and in Simblee's DFU (device firmware update) mode, devised a program that protects DFU mode with a challenge-response protocol, and give some suggestions for improving the OTA_Bootloader library.
INTRODUCTION
Brief Introduction
The Simblee RFD77101 (shown in Figure 1) is a high-performance, professional-grade Bluetooth® Smart radio transceiver with a built-in ARM® Cortex-M0 microcontroller that can be programmed from the Arduino IDE using the Simblee extensions. Its vendor describes Simblee as IoT for connecting Everyone and Everything (IoT4EE).
Security Issues
According to the official guide, the BLE connection between Simblee and other devices is public and relatively transparent: anyone in radio range can observe it, so a malicious party could interfere with the process and cause security problems. However, we found few investigations into attacks on the communication between Simblee and mobile phones. Ignoring this potential danger may lead to the loss of personal property, so the probable vulnerability needs to be identified.
Purposes and Questions
In this investigation we set out to determine, first, whether the communication can be scanned and whether the transmitted messages are readable. Second, whether we could reprogram the Simblee remotely by hijacking the transmission using the information obtained from scanning. Finally, what an implementable countermeasure would be if the attack described above were carried out in practice.
Investigations
Attacking the DFU Process
Before a connection with a particular device is established, any device in range can scan the Simblee's advertising signal and is capable of initiating the connection (Figure 2).
If the Simblee is switched into OTA-programmable mode by the request (pressing the button), it advertises under a new name, "dfu targ", signalling that it is ready for a DFU controller to connect. Presumably the 15 s advertising window is publicly visible and connectable, so a scenario can arise in which the user sends the upload command but a different party performs the upload. Our simulation confirms this flaw of the OTA_Bootloader library: the upload process is transparent and publicly observable, and nothing in it distinguishes the owner's controller from anyone else's, so whoever connects first during the window gets to upload its firmware. Loss can therefore occur if an attacker completes the upload ahead of the user.
Defending
By adding a challenge-response protocol in front of DFU mode, we are able to refuse a malicious user's request while permitting the owner's. The device issues a fresh random challenge for every DFU session, and only a controller that holds the shared secret can compute the matching response; a response captured from an earlier session does not match a new challenge, so merely observing the exchange is no longer enough to take over the upload.
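As an added illustration of such a gate (example code written for this page, not the project's program, whose source is not shown here), the C sketch below puts a challenge-response check in front of the bootloader's upload path. It assumes a 128-bit secret shared between the owner's controller app and the device, uses SipHash-2-4 as the keyed MAC because it fits a Cortex-M0 comfortably, and substitutes constructed byte strings for the device's random number generator. The names dfu_gate_*, dfu_controller_respond and dfu_scenario are this example's own; dfu_scenario walks through the owner's upload, an attacker's replay of the sniffed answer, and a guessing attack that runs into the attempt limit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SipHash-2-4 (Aumasson/Bernstein): 128-bit key, 64-bit tag, cheap enough for a Cortex-M0. */
#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); \
} while (0)
/* little-endian 64-bit load */
static uint64_t le64(const uint8_t *p) { uint64_t v = 0; for (int i = 7; i >= 0; i--) v = (v << 8) | p[i]; return v; }
uint64_t siphash24(const uint8_t key[16], const uint8_t *in, size_t len) {
    uint64_t k0 = le64(key), k1 = le64(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0, v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0, v3 = 0x7465646279746573ULL ^ k1;
    size_t i = 0;
    for (; i + 8 <= len; i += 8) {                    /* one compression block per 8 bytes */
        uint64_t m = le64(in + i);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    uint64_t tail = (uint64_t)len << 56;              /* last block: length byte plus leftovers */
    for (size_t j = 0; i + j < len; j++) tail |= (uint64_t)in[i + j] << (8 * j);
    v3 ^= tail; SIPROUND; SIPROUND; v0 ^= tail;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND; /* finalization */
    return v0 ^ v1 ^ v2 ^ v3;
}
/* Checks the MAC against the vector in the SipHash paper (key 00..0f, message 00..0e). */
bool siphash24_selftest(void) {
    uint8_t key[16], msg[15];
    for (int i = 0; i < 16; i++) { key[i] = (uint8_t)i; if (i < 15) msg[i] = (uint8_t)i; }
    return siphash24(key, msg, 15) == 0xa129ca6149be45e5ULL;
}

/* ---- Challenge-response gate in front of DFU mode (added illustration, not the project's code) ---- */
#define NONCE_LEN    8
#define MAX_ATTEMPTS 3
/* Gate state: key shared with the owner's app (assumed provisioned per device), the current challenge,
 * whether it is still unanswered, consecutive wrong answers, and whether the bootloader may accept an upload. */
typedef struct { uint8_t key[16], nonce[NONCE_LEN]; bool outstanding; uint8_t failed; bool unlocked; } dfu_gate_t;
/* Expected answer: SipHash-2-4(key, "DFU\0" || nonce); the prefix ties the tag to this one purpose. */
static uint64_t dfu_tag(const uint8_t key[16], const uint8_t nonce[NONCE_LEN]) {
    uint8_t msg[4 + NONCE_LEN] = { 'D', 'F', 'U', 0 };
    memcpy(msg + 4, nonce, NONCE_LEN);
    return siphash24(key, msg, sizeof msg);
}
/* Device: issue a challenge. fresh_nonce must come from the device RNG (constructed in the demo). */
void dfu_gate_challenge(dfu_gate_t *g, const uint8_t fresh_nonce[NONCE_LEN]) {
    memcpy(g->nonce, fresh_nonce, NONCE_LEN);
    g->outstanding = true;
}
/* Controller (phone app): answer the challenge with the shared key. */
uint64_t dfu_controller_respond(const uint8_t key[16], const uint8_t nonce[NONCE_LEN]) {
    return dfu_tag(key, nonce);
}
/* Device: verify. The nonce is consumed whether or not the answer is right, so a sniffed answer
 * is useless against the next challenge; after MAX_ATTEMPTS wrong answers the gate stays shut. */
bool dfu_gate_verify(dfu_gate_t *g, uint64_t response) {
    if (!g->outstanding || g->failed >= MAX_ATTEMPTS) return false;
    g->outstanding = false;
    uint64_t d = dfu_tag(g->key, g->nonce) ^ response;        /* constant-time comparison */
    d |= d >> 32; d |= d >> 16; d |= d >> 8; d |= d >> 4; d |= d >> 2; d |= d >> 1;
    if ((d & 1) == 0) { g->unlocked = true; g->failed = 0; return true; }
    g->failed++;
    return false;
}

/* The page's scenario step by step: 0 if every step behaves as intended, else the failing step. */
int dfu_scenario(void) {
    static const uint8_t key[16] = { 0x4b,0x65,0x79,0x2d,0x53,0x69,0x6d,0x62,    /* constructed demo key */
                                     0x6c,0x65,0x65,0x2d,0x44,0x46,0x55,0x21 };
    static const uint8_t n1[NONCE_LEN] = { 1, 2, 3, 4, 5, 6, 7, 8 };           /* stand-ins for RNG output */
    static const uint8_t n2[NONCE_LEN] = { 9, 10, 11, 12, 13, 14, 15, 16 };
    dfu_gate_t gate; memset(&gate, 0, sizeof gate); memcpy(gate.key, key, 16);
    if (!siphash24_selftest()) return 1;                      /* 1: MAC matches the published vector */
    dfu_gate_challenge(&gate, n1);                            /* 2: owner answers, gate opens */
    uint64_t owner_answer = dfu_controller_respond(key, n1);
    if (!dfu_gate_verify(&gate, owner_answer) || !gate.unlocked) return 2;
    gate.unlocked = false;                                    /* 3: next session, attacker replays sniffed answer */
    dfu_gate_challenge(&gate, n2);
    if (dfu_gate_verify(&gate, owner_answer) || gate.unlocked) return 3;
    if (dfu_gate_verify(&gate, dfu_controller_respond(key, n2))) return 4;   /* 4: consumed nonce refused */
    for (uint64_t g = 0; g < 10; g++) { dfu_gate_challenge(&gate, n2); dfu_gate_verify(&gate, g); } /* 5: guessing */
    if (gate.failed != MAX_ATTEMPTS) return 5;                /*    stops counting at MAX_ATTEMPTS */
    dfu_gate_challenge(&gate, n1);                            /* 6: locked, even the owner is refused now */
    if (dfu_gate_verify(&gate, dfu_controller_respond(key, n1))) return 6;
    return 0;
}

int main(void) {
    int rc = dfu_scenario();
    if (rc == 0) printf("DFU gate: owner accepted, replay and guessing rejected, lockout engaged\n");
    else printf("DFU gate: step %d misbehaved\n", rc);
    return rc;
}
```

Save it as, say, dfu_gate.c, build with `cc -std=c99 dfu_gate.c` and run; the program exits 0 when every step behaves as intended. Three points matter when carrying this into real firmware. The check has to be enforced by the bootloader itself before it accepts any DFU write, not only by the application that was running before the reset into DFU mode. The shared key sits in both the app and the device flash, so anyone who can dump either can still answer challenges; a per-device key limits that damage to one unit. And the lockout must be cleared only by a physical action or a timeout, otherwise an attacker can use three wrong answers to lock the owner out. The gate does not hide the 15 s "dfu targ" advertising window; it only makes connecting during that window useless without the key.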
Discussion
The prime objective of this project was to investigate whether the communication between Simblee and other devices over BLE has any flaws or vulnerabilities and, if so, to find a possible way to defend and protect it.
More information is given in our paper.