13. October 2022
Rfparty - a new way to see BLE
Today, millions of IoT devices emit wireless BLE advertisements.
Rfparty is an app for exploring your wireless world. Built for educators, developers, cybersecurity specialists and the privacy-minded to audit these BLE signals.
Is BLE Private?
BLE has become a major part of many people’s digital experience. But are these devices built with reasonable privacy? Today, there’s no way for consumers to know for sure, other than to read the media. And if recent headlines are a barometer, the state of BLE privacy is questionable.
While BLE has strong protections against eavesdropping and man-in-the-middle attacks, it retains one significant security challenge: how do users connect to their devices?
The most common solution BLE devices employ is to send out public broadcasts announcing the device’s existence. This way, the owner can “scan” for these public transmissions and pair to establish a secure connection. The challenge for device privacy is that many devices never stop sending out these public beacons. In fact, many BLE products work on entirely broadcast protocols, allowing anyone to learn about the user and their devices by simply listening to these unencrypted transmissions.
Today, low-cost tracking devices use these simple BLE advertisements, combined with vast user bases, to create an always-on corporate surveillance network. This is great for the folks searching for their keys… but what data will their helpful scanning friends provide to these large corporations?
OEMs to the rescue?
When these devices are abused, can we really rely on the OEMs to provide adequate tools to detect their devices?
Today, Apple only provides comprehensive “always-on” privacy safeguards to Apple customers. Their solutions for Android users, however, are leaving many cybersecurity experts wanting better from the IoT industry. Other tracking device OEMs also face similar challenges in providing tracking protection for the general population.
“It’s pretty terrible”
So far, Apple’s Android solution has earned a rare “It’s pretty terrible” from Macworld. Meanwhile, the Washington Post reached an alarming conclusion:
“Our test with a baby stroller finds it’s still too easy to stalk people with AirTags, Tiles and Samsung SmartTags — and no single company can fix it alone”
Trackers not the only privacy challenge
Ok, we get it, literal tracking devices are pretty good at tracking things! But what consumers don’t know is that every BLE device has the potential to be tracked just like an AirTag.
In cities all over the world, governments have already installed industrial wireless tracking solutions to do just this: legally and, in the case of Seattle, illegally.
How can rfparty help?
Auditing your BLE devices is the first step to understanding how to improve BLE security. Rfparty scans for public BLE advertisements and displays them on a map. A line is drawn linking the location where a device was first seen to the location where it was most recently seen.
In this demonstration, rfparty is used to audit the BLE behavior of a GoPro action camera. The app is left running in the background while the tester walks around a park. It was found that the GoPro sent beacons both when powered on and when visibly powered off. This enabled the rfparty app to partially reconstruct the portion of the user’s journey where the user’s movements may have been trackable via BLE.
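The first-seen to last-seen line described above can be derived from a scan log as sketched here. This is an added example, not rfparty's own code: the sighting fields (addr, t, lat, lon), the function names and the 100 m threshold are assumptions, and the sample data is constructed.

```javascript
// Great-circle distance in metres between two {lat, lon} points (haversine).
function haversineMeters(a, b) {
  const R = 6371000; // mean Earth radius, metres
  const rad = (d) => (d * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat);
  const dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * R * Math.asin(Math.sqrt(h));
}

// Reduce sightings to one record per advertiser address: the first and last
// sighting, and the length of the line between the two scanner positions.
// minMoveMeters is an assumed threshold, well above typical BLE range.
function summarizeTracks(sightings, minMoveMeters = 100) {
  const byAddr = new Map();
  for (const s of sightings) {
    const rec = byAddr.get(s.addr) || { addr: s.addr, first: s, last: s, count: 0 };
    if (s.t < rec.first.t) rec.first = s; // input need not be time-ordered
    if (s.t > rec.last.t) rec.last = s;
    rec.count += 1;
    byAddr.set(s.addr, rec);
  }
  return [...byAddr.values()].map((r) => {
    const meters = haversineMeters(r.first, r.last);
    return {
      addr: r.addr,
      count: r.count,
      seconds: r.last.t - r.first.t,
      meters: Math.round(meters),
      // Heard from two distant scanner positions: the device moved with us.
      travelsWithScanner: meters >= minMoveMeters,
    };
  });
}

// Constructed sample log (not a real capture): one entry per advertisement,
// tagged with the scanner's own GPS fix and a timestamp in seconds.
const SAMPLE = [
  { addr: 'AA:AA:AA:00:00:01', t: 0, lat: 47.6200, lon: -122.3500 },
  { addr: 'BB:BB:BB:00:00:02', t: 5, lat: 47.6200, lon: -122.3500 },
  { addr: 'AA:AA:AA:00:00:01', t: 600, lat: 47.6245, lon: -122.3500 },
  { addr: 'BB:BB:BB:00:00:02', t: 20, lat: 47.6201, lon: -122.3500 },
  { addr: 'AA:AA:AA:00:00:01', t: 300, lat: 47.6220, lon: -122.3500 },
];

console.log(summarizeTracks(SAMPLE));
```

Devices that rotate their advertiser address show up as several short tracks under this keying, so a short line does not by itself mean a device stayed behind.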
Today rfparty supports a robust set of queries and is stable enough for the BLE curious to peer into these unseen systems. We hope to continuously improve the tool and bring more features to close the skills gap needed to audit wireless systems.
Rfparty is currently available for Android:
- Android - Google Play Store.
- Open Source version on github.