{"id":4383,"date":"2019-11-14T15:34:00","date_gmt":"2019-11-14T15:34:00","guid":{"rendered":"https:\/\/www.beaconzone.co.uk\/blog\/?p=4383"},"modified":"2019-11-14T17:18:48","modified_gmt":"2019-11-14T17:18:48","slug":"whats-wrong-with-bluetooth-mesh","status":"publish","type":"post","link":"https:\/\/www.beaconzone.co.uk\/blog\/whats-wrong-with-bluetooth-mesh\/","title":{"rendered":"What&#8217;s Wrong with Bluetooth Mesh?"},"content":{"rendered":"\n<p>Researchers from TU Darmstadt, Germany have a new paper <a rel=\"noreferrer noopener\" aria-label=\"Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept (opens in a new tab)\" href=\"https:\/\/dl.acm.org\/citation.cfm?id=3338500.3360334\" target=\"_blank\">Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept<\/a> that looks into weaknesses in the security model underlying the Bluetooth mesh friendship mechanism.<\/p>\n\n\n\n<p>Friendship allows a low-power IoT device to go to sleep with a separate higher-power node caching packets until the lower power device wakes up. The paper provides an overview of friendship and the Friendship Security Material(FSM) unique to this type of communication.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"643\" height=\"533\" src=\"https:\/\/www.beaconzone.co.uk\/blog\/wp-content\/uploads\/2019\/11\/bluetoothmeshfriendship.png\" alt=\"\" class=\"wp-image-4384\" srcset=\"https:\/\/www.beaconzone.co.uk\/blog\/wp-content\/uploads\/2019\/11\/bluetoothmeshfriendship.png 643w, https:\/\/www.beaconzone.co.uk\/blog\/wp-content\/uploads\/2019\/11\/bluetoothmeshfriendship-300x249.png 300w\" sizes=\"(max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/figure>\n\n\n\n<p>The researchers found three flaws in the Bluetooth friendship mechanism related to:<\/p>\n\n\n\n<ul><li>The possibility of eavesdropping on communication and selectively jamming based on size of the control messages.<\/li><li>The lack of protection of the friend security keys against an insider attack.<\/li><li>The possibility of misuse of Friend Clear messages to cause a form of denial of service attack through flattening the battery.<\/li><\/ul>\n\n\n\n<p>The paper includes a <a rel=\"noreferrer noopener\" aria-label=\"reference to tools (opens in a new tab)\" href=\"https:\/\/dev.seemoo.tu-darmstadt.de\/BT\/btlemesh\" target=\"_blank\">reference to tools<\/a> that demonstrate these problems and discusses possible mitigations.<\/p>\n\n\n\n<p>The Bluetooth SIG responded:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Compromise of the friendship relationship results only in a compromise of the availability of the low power node to the other nodes in the subnet.<\/p><p>It is the conclusion of the working group that the friendship relationship between an LPN and its friend within a mesh subnet is not intended to be secured against attack by a party already in possession of the network key.<\/p><p>It is the position of the Mesh Working Group and the Bluetooth SIG that neither scenario provides additional security risk for a user of the Mesh profile<\/p><\/blockquote>\n\n\n\n<p>In other words, the risks are appropriate to the level to which the mesh is expected to be used or attacked.<\/p>\n\n\n\n<p>We have yet to come across any devices using friendship. Friendship is an edge case that isn&#8217;t required in most instances. Also, most existing low power devices can&#8217;t be upgraded to use mesh due to the higher memory requirement of Bluetooth Mesh.<\/p>\n\n\n\n<p>Read about <a href=\"https:\/\/www.beaconzone.co.uk\/BluetoothMeshBeacons\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Beacons and the Bluetooth Mesh (opens in a new tab)\">Beacons and the Bluetooth Mesh<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers from TU Darmstadt, Germany have a new paper Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept that looks into weaknesses in the security model underlying the Bluetooth mesh friendship mechanism. Friendship allows a low-power IoT device to go to sleep with a separate higher-power node caching packets until the lower power &hellip; <a href=\"https:\/\/www.beaconzone.co.uk\/blog\/whats-wrong-with-bluetooth-mesh\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;What&#8217;s Wrong with Bluetooth Mesh?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[183,157],"tags":[],"_links":{"self":[{"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/posts\/4383"}],"collection":[{"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=4383"}],"version-history":[{"count":5,"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/posts\/4383\/revisions"}],"predecessor-version":[{"id":4390,"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/posts\/4383\/revisions\/4390"}],"wp:attachment":[{"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=4383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=4383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.beaconzone.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=4383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}