ALL THINGS BLUETOOTH LOW ENERGY
ROBIN SCHROEDER @RTSCHROEDER
THAT CONFERENCE, WISCONSIN, JULY 2023
Robin Schroeder
@RTSchroeder
o BS in taxonomic botany 1999
o Writing code since 1998
o Java → C# 2008
o Started with Xamarin 2015
o Bluetooth Mesh and BLE 2018
o Currently work at Mercury Marine
o Packt Technical Reviewer
o Hobbies: Guitar, Ancestry, DAR myoctocat.com
WHAT IS BLUETOOTH??
HOW DOES IT WORK?
HISTORY
WHAT IS BLUETOOTH?
• A wireless technology standard using UHF radio waves to exchange data between devices in a piconet.
• Bluetooth SIG (Special Interest Group): 38,000+ member companies
HOW DOES IT WORK?
HARDWARE
• Bluetooth Chip with Antenna “Radio”
• Many can broadcast and receive
• Many run on very little power
SIGNAL
• Frequency Hopping: changing 1,600 times per second
• Short range, ~ line of sight
A LITTLE HISTORY
• “Short-Link” radio technology (1989), Ericsson Mobile in Sweden, for wireless headphones
• IBM wanted to integrate mobile phones with ThinkPads (1997)
• Both companies worked together to make it an OPEN INDUSTRY STANDARD
• Ericsson wireless headsets (1999) & phones (2001)
• IBM ThinkPads (2001)
https://en.wikipedia.org/wiki/Ericsson_T39
A LITTLE MORE HISTORY
• Jim Kardach (Intel, 1997) happened to be reading a book about Viking history
• Harald Bluetooth – Danish & Norwegian King (~958AD) and Viking raider
• May 1998 Bluetooth SIG launched
King Harald Bluetooth united the Danish tribes into one kingdom. Bluetooth unites communication protocols.
ONE MORE THING…
• The son and successor to King Harald Bluetooth: Sweyn Forkbeard. Gabeldorsche is German for Forkbeard(s).
• Google used the name “Gabeldorsche” (gd for short) for their new Bluetooth stack, available as a developer-only option in Android 11 and 12, and then enabled by default in Android 13.
https://en.wikipedia.org/wiki/Sweyn_Forkbeard
For details: https://cs.android.com/android/platform/superproject/+/master:system/bt/gd/docs/architecture/architecture.md?q=Gabeldorsche
https://www.bluetooth.com/2022-market-update/
BLUETOOTH TECHNOLOGIES
• Classic Bluetooth (BR/EDR), 1:1. Basic Rate/Enhanced Data Rate: wireless headsets, speakers, etc.
• Bluetooth Low Energy (BLE or LE), 1:1 or 1:many. Fitness trackers, medical equipment, beacons, asset tracking.
• Bluetooth Mesh, many:many. Lighting systems, sensor monitoring, automation systems, etc.
BLUETOOTH PICONET
(figure: Phone, Laptop, Speaker, Headset, Car)
• Classic or BLE hardware
• Max of 7 peripheral devices at one time
• Up to 255 ‘parked’, inactive devices
• Security is not required
• Piconets can share peripherals
BLUETOOTH CLASSIC
AKA BR/EDR…
BLUETOOTH CLASSIC == STREAMING
Headsets
Hearing Aids
Car Audio
BT Speakers
Video - Chromecast
DECODING BLUETOOTH PHONE SPECS
PIXEL 6 PRO
• Bluetooth Radio & Software v5.2
• BT Classic (understood)
• BLE (aka LE)
• A2DP: Advanced Audio Distribution Profile – for streaming music from phone to car
• aptX HD: Qualcomm codec for transmitting high quality audio
https://www.gsmarena.com
BLUETOOTH LOW ENERGY
AKA Bluetooth Smart, BLE or just LE…
BLE COMMUNICATION PROFILES
GAP & GATT
BLUETOOTH GAP
GAP = GENERIC ACCESS PROFILE
• Advertising
• Connection management
• Four device roles for BLE communications:
• Broadcaster/Observer
• Peripheral/Central
BLE BEACONS
• Small BLE radios can constantly emit pings that include a link or a short message.
• Often stationary
• Often battery powered
• GAP messages
• No connection required
• ONE-WAY Communication
BEACONS SOFTWARE & PROTOCOLS
• Eddystone (Google, 2015, open source)
• iBeacon (Apple, 2013)
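As an added example, not code from the deck, the following Python decoder recognises the two beacon formats above, iBeacon and Eddystone-URL, inside raw BLE advertising data; the byte layouts are the public ones, and the two sample advertisements (UUID and URL are placeholders) are constructed for this example.

```python
"""Decode BLE advertising data and recognise iBeacon and Eddystone-URL frames.

Added example, not code from the original deck. Layouts follow the public
specifications:
  AD structure  : [length][type][data...] repeated, 31 bytes max
  iBeacon       : AD type 0xFF (manufacturer data); company 0x004C (Apple,
                  little-endian), subtype 0x02, length 0x15, 16-byte UUID,
                  uint16 major, uint16 minor (big-endian), int8 tx power
  Eddystone-URL : AD type 0x16 (16-bit service data); UUID 0xFEAA
                  (little-endian), frame 0x10, int8 tx power, scheme byte,
                  URL bytes with single-byte expansion codes
The sample advertisements at the bottom are constructed, not captured.
"""
import struct
import uuid

AD_TYPE_SERVICE_DATA_16 = 0x16
AD_TYPE_MANUFACTURER = 0xFF
APPLE_COMPANY_ID = 0x004C
EDDYSTONE_UUID = 0xFEAA
EDDYSTONE_URL_FRAME = 0x10
URL_SCHEMES = {0: "http://www.", 1: "https://www.", 2: "http://", 3: "https://"}
URL_EXPANSIONS = {0: ".com/", 1: ".org/", 2: ".edu/", 3: ".net/", 4: ".info/",
                  5: ".biz/", 6: ".gov/", 7: ".com", 8: ".org", 9: ".edu",
                  10: ".net", 11: ".info", 12: ".biz", 13: ".gov"}


def iter_ad_structures(adv: bytes):
    """Yield (ad_type, payload) for each well-formed AD structure.
    A length byte that runs past the packet ends parsing instead of
    raising: what comes off the air is untrusted and often malformed."""
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0:                 # zero-length structure = padding
            return
        end = i + 1 + length
        if end > len(adv):              # truncated structure
            return
        yield adv[i + 1], adv[i + 2:end]
        i = end


def parse_ibeacon(data: bytes):
    """Return a dict for an iBeacon manufacturer-data payload, else None."""
    if len(data) != 25:
        return None
    company, subtype, sublen = struct.unpack_from("<HBB", data, 0)
    if (company, subtype, sublen) != (APPLE_COMPANY_ID, 0x02, 0x15):
        return None
    major, minor, tx_power = struct.unpack_from(">HHb", data, 20)
    return {"kind": "iBeacon", "uuid": str(uuid.UUID(bytes=data[4:20])),
            "major": major, "minor": minor, "tx_power": tx_power}


def parse_eddystone_url(data: bytes):
    """Return a dict for an Eddystone-URL service-data payload, else None."""
    if len(data) < 5:
        return None
    svc, frame, tx_power, scheme = struct.unpack_from("<HBbB", data, 0)
    if svc != EDDYSTONE_UUID or frame != EDDYSTONE_URL_FRAME:
        return None
    if scheme not in URL_SCHEMES:
        return None
    url = URL_SCHEMES[scheme]
    for b in data[5:]:
        if b in URL_EXPANSIONS:
            url += URL_EXPANSIONS[b]
        elif 0x21 <= b <= 0x7E:         # printable ASCII is taken literally
            url += chr(b)
        else:
            return None                 # reserved byte: treat as malformed
    return {"kind": "Eddystone-URL", "url": url, "tx_power": tx_power}


def classify_advertisement(adv: bytes) -> dict:
    """Identify a beacon frame; anything else is reported as 'other'.
    Neither format carries a signature or any sender authentication, so a
    frame proves only that these bytes were on the air, not who sent them;
    an app should treat beacon-triggered links and actions accordingly."""
    for ad_type, payload in iter_ad_structures(adv):
        found = None
        if ad_type == AD_TYPE_MANUFACTURER:
            found = parse_ibeacon(payload)
        elif ad_type == AD_TYPE_SERVICE_DATA_16:
            found = parse_eddystone_url(payload)
        if found:
            return found
    return {"kind": "other"}


# Constructed sample advertisements (UUID and URL are placeholders).
IBEACON_ADV = (bytes([0x02, 0x01, 0x06])                      # Flags AD structure
               + bytes([0x1A, 0xFF, 0x4C, 0x00, 0x02, 0x15])  # len 26, mfr data, Apple, iBeacon
               + uuid.UUID("e2c56db5-dffb-48d2-b060-d0f5a71096e0").bytes
               + bytes([0x00, 0x01, 0x00, 0x02, 0xC5]))       # major 1, minor 2, -59 dBm
EDDYSTONE_ADV = (bytes([0x02, 0x01, 0x06])
                 + bytes([0x03, 0x03, 0xAA, 0xFE])            # complete 16-bit UUID list
                 + bytes([0x0E, 0x16, 0xAA, 0xFE, 0x10, 0xF8, 0x03])  # len 14, URL frame, -8 dBm, "https://"
                 + b"example" + bytes([0x07]))                # "example" + ".com"

if __name__ == "__main__":
    print(classify_advertisement(IBEACON_ADV))
    print(classify_advertisement(EDDYSTONE_ADV))
```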
CROWD SOURCED ASSET TRACKERS
• Small BLE radios that constantly emit pings that include a link or a short message.
• NOT Stationary
• Often battery powered
• GAP messages
• No connection required
• Usually, ONE-WAY Communication
TILE
• Uses all users who have the Tile app installed.
• Those phones funnel the BLE broadcast messages up to the cloud along with the GPS coordinates of the PHONE.
• Tile itself has no spatial awareness.
APPLE AIR TAGS
• Uses BLE to transmit its location to nearby iPhones
• Crowdsourcing a massive fleet of all iPhones running recent software
• Precision Tracking “Spatial Awareness”
  • iPhone 11 and later
  • Apple-designed U1 chip uses Ultra Wideband (UWB) technology
  • Apple Watch series 6 & later
  • AirDrop
  • AirTag
ASSET TRACKING SECURITY
• Dec 2022 Class Action Lawsuit against Apple for negligence – Air Tags being used for stalking
• May 2023 Apple, Google, and other industry folks started putting together a specification for asset tracking and security.
• Apple released an Android App to help Android users detect when an Air Tag is nearby.
SAMSUNG SMARTTAG (& PIXEL?)
• Leverages the network of all Samsung Galaxy phones
• Only works with Galaxy phones
• For close range, uses BLE directly with the phone.
• Does not use UWB.
• Version 2 expected soon, using BT 5.3
• Google Pixel quietly included a UWB chip starting in the Pixel 6 Pro. Some folks think they will be introducing an asset tracker as well. That, AND Google is in on the spec.
BLUETOOTH GATT
GATT = GENERIC ATTRIBUTE PROFILE
• System of data organization and data transfer
• A Bluetooth device (server) exposes data as Attributes, broken down into Services and Characteristics.
• Characteristics & Services have UUIDs
• Requires an established connection
Profile
  Service 1
    • Characteristic
      • Properties
      • Value
      • Descriptor
    • Characteristic
      • Properties
      • Value
      • Descriptor
  Service 2
    • Characteristic
      • Properties
      • Value
      • Descriptor
    • Characteristic
      • Properties
      • Value
      • Descriptor
CONNECTING, PAIRING & BONDING
• BT Connection (Classic or BLE): Two devices have agreed on communicating in an unencrypted fashion.
Encrypted:
• Pairing: Exchanging the security keys and other information needed to establish an encrypted conversation.
• Bonding: The keys generated during pairing need to be stored and used in subsequent bonded connections.
• Forget a Paired Device: One of the devices deletes the pairing key used for a bonded connection and the pairing process needs to happen again.
BLUETOOTH GATT
https://www.bluetooth.com/specifications/specs/?types=adopted
• Health Care
  • Heart Rate Profile
  • Health Thermometer Profile
  • Glucose Profile
• Sports and Fitness
  • Running Speed and Cadence Profile
  • Cycling Speed and Cadence Profile
• HID
  • Wireless mice and keyboards
• Battery
  • Battery charged levels and stats
TINKERING: BLUETOOTH SIG DATA PROFILES
FITNESS TRACKERS
• Bluetooth Low Energy (BLE)
• Require a connection
• No bonding (usually)
• Often, a mix of following the spec and creating their own custom BLE Characteristics.
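As an added example, not code from the deck, here is a Python decoder for the SIG-defined Heart Rate Measurement characteristic (UUID 0x2A37 in the Heart Rate Service 0x180D) that the Heart Rate Profile listed above relies on; the flag-driven layout follows the public GATT specification, the notification values are constructed, and a tracker's custom characteristics are out of scope because their format is vendor-defined.

```python
"""Decode the Heart Rate Measurement characteristic (UUID 0x2A37) of the
Bluetooth SIG Heart Rate Service (UUID 0x180D).

Added example, not code from the original deck. Layout per the public GATT
specification: one flags byte, then the heart rate (uint8, or uint16
little-endian when flags bit 0 is set), an optional uint16 Energy Expended
in kJ (bit 3), then optional uint16 RR-intervals in units of 1/1024 s
(bit 4). Bits 1-2 carry sensor-contact status. Samples are constructed.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Optional

HEART_RATE_SERVICE = 0x180D
HEART_RATE_MEASUREMENT = 0x2A37
FLAG_HR_UINT16 = 0x01
FLAG_CONTACT_DETECTED = 0x02
FLAG_CONTACT_SUPPORTED = 0x04
FLAG_ENERGY_PRESENT = 0x08
FLAG_RR_PRESENT = 0x10


@dataclass
class HeartRateMeasurement:
    bpm: int
    sensor_contact: str                 # "unsupported", "no contact", "contact"
    energy_kj: Optional[int] = None
    rr_intervals_s: List[float] = field(default_factory=list)


def parse_heart_rate_measurement(value: bytes) -> HeartRateMeasurement:
    """Decode one notification value.

    Every optional field is bounds-checked before it is read. A peripheral
    is untrusted input to the phone app: a flags byte that promises fields
    the packet does not contain must raise, not read past the buffer."""
    if len(value) < 2:
        raise ValueError("too short for flags + heart rate")
    flags = value[0]
    offset = 1
    if flags & FLAG_HR_UINT16:
        if len(value) < 3:
            raise ValueError("uint16 heart rate declared but missing")
        (bpm,) = struct.unpack_from("<H", value, offset)
        offset += 2
    else:
        bpm = value[offset]
        offset += 1
    if not flags & FLAG_CONTACT_SUPPORTED:
        contact = "unsupported"
    elif flags & FLAG_CONTACT_DETECTED:
        contact = "contact"
    else:
        contact = "no contact"          # strap not worn: bpm is unreliable
    energy = None
    if flags & FLAG_ENERGY_PRESENT:
        if len(value) < offset + 2:
            raise ValueError("energy expended declared but missing")
        (energy,) = struct.unpack_from("<H", value, offset)
        offset += 2
    rr: List[float] = []
    if flags & FLAG_RR_PRESENT:
        rest = value[offset:]
        if not rest or len(rest) % 2:
            raise ValueError("RR-interval field malformed")
        rr = [raw / 1024.0 for (raw,) in struct.iter_unpack("<H", rest)]
    elif len(value) != offset:
        # Strict: the spec describes every byte via the flags; extra bytes
        # mean a non-conformant (or custom) format, so refuse to guess.
        raise ValueError("trailing bytes not described by flags")
    return HeartRateMeasurement(bpm, contact, energy, rr)


def is_well_formed(value: bytes) -> bool:
    """True when the value decodes cleanly; False for anything malformed."""
    try:
        parse_heart_rate_measurement(value)
        return True
    except ValueError:
        return False


# Constructed notification values.
HR_UINT8_WITH_RR = bytes([0x16, 0x5F, 0x00, 0x04])             # contact, 95 bpm, RR 1.000 s
HR_UINT16_WITH_ENERGY = bytes([0x09, 0xC8, 0x00, 0x2C, 0x01])  # 200 bpm, 300 kJ
HR_TRUNCATED = bytes([0x10, 0x5F])                             # RR promised, none present

if __name__ == "__main__":
    print(parse_heart_rate_measurement(HR_UINT8_WITH_RR))
    print(parse_heart_rate_measurement(HR_UINT16_WITH_ENERGY))
    print(is_well_formed(HR_TRUNCATED))
```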
Bluetooth 1, 2.0, 2.1, 3 (1999-2009): Classic
Bluetooth 4 & 4.2 (2010-2015): Classic, BLE
Bluetooth 5 & 5.1 (2016-2019): Classic, BLE, Mesh
Bluetooth 5.2 & 5.3 (2020-2023): Classic, BLE, Mesh, LE Audio
BLE RADIO SPECS
https://blog.nordicsemi.com/getconnected/things-you-should-know-about-bluetooth-range

                         Bluetooth 4.0       Bluetooth 4.2       Bluetooth 5
Release Date             October 2011        December 2014       December 2016
First Phone              iPhone 4S                               Samsung Galaxy S8, iPhone X
Range (indoors)          10 - 50 m           ~50 m               240 - 400 m
Max Range (outdoors)     ~100 m              ~100 m              1,000 m
Max Data Rate            1 Mbit/s            ~1 Mbit/s           2 Mbit/s
Application Throughput   Up to 305 kbit/s    Up to 800 kbit/s    Up to 1,360 kbit/s

https://www.audio-technica.com/en-us/support/audio-solutions-question-of-the-week-what-causes-bluetooth-interference/
https://www.bluetooth.com/2022-market-update/
BLUETOOTH MESH
BLUETOOTH MESH
Hardware required: a BLE 4.2 or 5 radio in each device.
Software required: implement the Mesh Specification.
BLE devices communicating many to many.
Security is REQUIRED.
Phones are “Configuration Clients”: they can configure and listen to messages in the network.
MANAGED FLOOD MESH NETWORK
• Broadcast messages have a TTL (Time to Live)
• Sequence numbers help weed out processing of repeat messages
• Subnets allow for partitions
INDUSTRY EXAMPLES BLUETOOTH MESH
MESH ARCHITECTURE
EXAMPLE MESH NETWORK
Chicago Marathon: 26 mile route, 3 waves and 12 corrals of runners, 2019: 45,956 runners finished, 6.5 hours max.
Runners
• pace, splits, official time and place
Organizers
• alerted of dangerous heart rates
• eliminate cheaters
Fans
• current runner position and stats
Each wrist/armband periodically publishes the runner’s id and heart rate.

          Node’s Identifier   Heart Rate
Length    4 bytes             1 byte
Hex       0x00003039          0x5f
Dec       12,345              95 bpm

Azure DB. Public app for fans and runners. Each runner wears a relay node wristband.
SECURITY
BLUESNARFING
• Theft of contacts, calendar data, email and text messages from a discoverable Bluetooth device.
• Connect to a GATT service which doesn’t require authentication
BLUEBUGGING
By pretending to be a BT headset, hackers use all phone features: intercepting phone calls, sending messages, reading phonebooks and calendars.
BLE SPOOFING ATTACK (BLESA)
Exploits the reconnection process
• Authentication during device reconnection is optional
• Authentication verification can be skipped by the IoT device
BLESA: Spoofing Attacks against reconnections in BLE
REPLAY ATTACK
Re-publishing obfuscated, encrypted messages into the network to invoke a repeat of the action the message originally caused.
Mitigation: Message Sequence Numbers
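As an added example, not code from the deck or from any mesh stack, the Python model below ties the managed-flood rules (TTL, sequence numbers), the marathon wristband payload and the replay attack together: relays drop any PDU whose sequence number does not advance and stop relaying once the TTL is exhausted; the PDU fields and all traffic are simplified and constructed for this example.

```python
"""Managed-flood relay logic with TTL and per-source sequence numbers, for
a Bluetooth Mesh style network carrying the marathon wristband payload.

Added example, not code from the original deck or from any mesh stack. The
PDU is a simplified model of a mesh network PDU: src (16-bit element
address), seq (24-bit sequence number), ttl (7 bits, 0-127) and the
application payload. For the wristband the payload is the 5-byte layout
from the slide: a 4-byte big-endian runner id then a 1-byte heart rate
(0x00003039 = runner 12,345, 0x5f = 95 bpm). Network/application-key
encryption and the IV index are left out; only the flood and replay logic
is modelled. All traffic below is constructed.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

SEQ_MAX = (1 << 24) - 1          # 24-bit sequence number
TTL_MAX = 127                    # 7-bit TTL


@dataclass(frozen=True)
class MeshPdu:
    src: int
    seq: int
    ttl: int
    payload: bytes


def pack_runner_payload(runner_id: int, heart_rate_bpm: int) -> bytes:
    """Build the 5-byte wristband payload: uint32 id, uint8 bpm (big-endian)."""
    if not 0 <= runner_id <= 0xFFFFFFFF or not 0 <= heart_rate_bpm <= 0xFF:
        raise ValueError("field out of range")
    return struct.pack(">IB", runner_id, heart_rate_bpm)


def unpack_runner_payload(payload: bytes) -> Tuple[int, int]:
    """Inverse of pack_runner_payload; rejects any other length."""
    if len(payload) != 5:
        raise ValueError("wristband payload must be exactly 5 bytes")
    return struct.unpack(">IB", payload)


class RelayNode:
    """One relay in a managed flood network.

    The node keeps the highest sequence number it has accepted from each
    source. A PDU whose seq is not greater than that is dropped, which is
    what defeats the replay attack on the slide: re-publishing a captured
    message leaves the network unchanged, and the relay never needs to
    decrypt the payload to make that decision."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.highest_seq: Dict[int, int] = {}
        self.delivered: List[MeshPdu] = []

    def receive(self, pdu: MeshPdu) -> Optional[MeshPdu]:
        """Handle one incoming PDU; return the PDU to re-transmit, or None
        when it was dropped or this node was the last hop."""
        if not (0 <= pdu.ttl <= TTL_MAX and 0 <= pdu.seq <= SEQ_MAX):
            return None                                  # malformed header
        last = self.highest_seq.get(pdu.src)
        if last is not None and pdu.seq <= last:
            return None                                  # replay or stale
        self.highest_seq[pdu.src] = pdu.seq
        self.delivered.append(pdu)                       # local delivery
        if pdu.ttl <= 1:
            return None          # TTL 0 or 1: accept locally, never relay
        return MeshPdu(pdu.src, pdu.seq, pdu.ttl - 1, pdu.payload)


def flood(relays: List[RelayNode], pdu: MeshPdu) -> int:
    """Push a PDU along a line of relays (each one hears only its
    predecessor); return how many relays delivered it locally."""
    delivered = 0
    current: Optional[MeshPdu] = pdu
    for relay in relays:
        if current is None:
            break
        before = len(relay.delivered)
        current = relay.receive(current)
        delivered += len(relay.delivered) - before
    return delivered


def dangerous_runners(relay: RelayNode, limit_bpm: int) -> Set[int]:
    """Runner ids whose delivered heart rate is at or above limit_bpm (the
    organiser alert from the slide), computed from accepted PDUs only."""
    flagged: Set[int] = set()
    for pdu in relay.delivered:
        try:
            runner_id, bpm = unpack_runner_payload(pdu.payload)
        except ValueError:
            continue                                     # not a wristband PDU
        if bpm >= limit_bpm:
            flagged.add(runner_id)
    return flagged


if __name__ == "__main__":
    line = [RelayNode(f"relay{i}") for i in range(5)]
    hb = MeshPdu(src=0x0001, seq=1, ttl=3, payload=pack_runner_payload(12345, 95))
    print("first flood reached", flood(line, hb), "relays")
    print("replayed copy reached", flood(line, hb), "relays")
    print("flagged at 90 bpm:", dangerous_runners(line[0], 90))
```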
TRASH CAN ATTACK
Harvesting of keys or passwords from devices that have been removed from a network.
Mitigation (Mesh): Key Refresh Procedure
MAN IN THE MIDDLE
Third party, in between source and destination, listening in to communications.
Mitigation: BONDING
Mitigation (Mesh): asymmetric cryptography, Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol
TOOLING
BEST PLATFORM FOR WRITING BLE-HEAVY CROSS-PLATFORM MOBILE APPS?
• Xamarin / .NET MAUI
• Write the iOS and Android specific bits in the same language (C#)
• C# is a fully featured, well worn path
• iOS and Android BLE code operates on the native objects
• Multi threaded
• Lots of infrastructure, community involvement, backed by Microsoft
• All other code is shared – like the tedious bits that parse/build the byte code
TOOLING: NRF CONNECT
From Nordic Semiconductor
TOOLING: WIRESHARK & DROID
TOOLING: MAC PACKET LOGGER
LIVE Bluetooth logs… as they happen
TOOLING: BLUETOOTH FOR IOS PROFILE
https://www.bluetooth.com/blog/a-new-way-to-debug-iosbluetooth-applications/
Must reinstall every four days…
TOOLING: “SNIFFERS”
BLE PROTOCOL ANALYZER
Passively listen to Bluetooth traffic
• Adafruit Bluefruit LE Sniffer (BLE 4.0)
• Sodera LE Bluetooth Protocol Analyzer
TOOLING: FARADAY BOX/BAG
Block BLE and WiFi traffic to/from a device
YES! YOU CAN MOCK BLE DEVICES!!!
WHERE NEXT?
SEARCH FOR “BLE” PHONE APPS
BEST BLE BOOK EVER
READ THE BLE SPEC!
BLE MESH SPECIFICATION DOCS
https://www.bluetooth.com/specifications/mesh-specifications
SOFTWARE FOR BT MESH
Bluetooth SIG Study Guides
• Nordic Semiconductor Thingy 52 boards
• https://www.bluetooth.com/bluetooth-resources/?types=study-guide
HARDWARE & FIRMWARE FOR BT MESH
ZEPHYR Project
• Open Source RTOS
• Supports the BT Mesh Specification
• https://docs.zephyrproject.org/latest/getting_started/index.html
Questions?
THAT_2023_BLE.pdf
THAT_2023_BLE.pdf

More Related Content

Similar to THAT_2023_BLE.pdf

Overview of Bluetooth technology
Overview of Bluetooth technologyOverview of Bluetooth technology
Overview of Bluetooth technologySuman Bhattacharyya
 
bluetooth-security
bluetooth-securitybluetooth-security
bluetooth-securityAnand Dhana
 
Bluetooth basic
Bluetooth basicBluetooth basic
Bluetooth basicEngr Sid
 
Bluetooth Basic Version
Bluetooth Basic VersionBluetooth Basic Version
Bluetooth Basic VersionAyesha Saeed
 
Bluetooth smart technology(description about all versions)
Bluetooth smart technology(description about all versions)Bluetooth smart technology(description about all versions)
Bluetooth smart technology(description about all versions)lurdhu agnes
 
Bluetooth - Comprehensive Presentation
Bluetooth - Comprehensive PresentationBluetooth - Comprehensive Presentation
Bluetooth - Comprehensive PresentationMuhammed Afsal Villan
 
Bluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap VelpuruBluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap Velpurukashyap velpuru
 
Bluetooth Technology & Security
Bluetooth Technology & SecurityBluetooth Technology & Security
Bluetooth Technology & SecurityHimangshu Hazra
 
How to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceHow to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceAnaren, Inc.
 
PPT on Bluetooth Based Wireless Sensor Networks
PPT on Bluetooth Based Wireless Sensor NetworksPPT on Bluetooth Based Wireless Sensor Networks
PPT on Bluetooth Based Wireless Sensor NetworksSiya Agarwal
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014Brian Knopf
 

Similar to THAT_2023_BLE.pdf (20)

BluetoothSecurity.ppt
BluetoothSecurity.pptBluetoothSecurity.ppt
BluetoothSecurity.ppt
 
Bluetooth presentation
Bluetooth presentationBluetooth presentation
Bluetooth presentation
 
Overview of Bluetooth technology
Overview of Bluetooth technologyOverview of Bluetooth technology
Overview of Bluetooth technology
 
bluetooth-security
bluetooth-securitybluetooth-security
bluetooth-security
 
Bluetooth basic
Bluetooth basicBluetooth basic
Bluetooth basic
 
BLUETOOTH.ppt
BLUETOOTH.pptBLUETOOTH.ppt
BLUETOOTH.ppt
 
Bluetooth Basic Version
Bluetooth Basic VersionBluetooth Basic Version
Bluetooth Basic Version
 
Bluetooth smart technology(description about all versions)
Bluetooth smart technology(description about all versions)Bluetooth smart technology(description about all versions)
Bluetooth smart technology(description about all versions)
 
Bluetooth - Comprehensive Presentation
Bluetooth - Comprehensive PresentationBluetooth - Comprehensive Presentation
Bluetooth - Comprehensive Presentation
 
Bluetooth Technology
Bluetooth TechnologyBluetooth Technology
Bluetooth Technology
 
Bluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap VelpuruBluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap Velpuru
 
Bluetooth technology
Bluetooth technologyBluetooth technology
Bluetooth technology
 
Bluetooth Technology & Security
Bluetooth Technology & SecurityBluetooth Technology & Security
Bluetooth Technology & Security
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
How to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceHow to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile device
 
Bluetooth.ppt
Bluetooth.pptBluetooth.ppt
Bluetooth.ppt
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
PPT on Bluetooth Based Wireless Sensor Networks
PPT on Bluetooth Based Wireless Sensor NetworksPPT on Bluetooth Based Wireless Sensor Networks
PPT on Bluetooth Based Wireless Sensor Networks
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
 

Recently uploaded

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Recently uploaded (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

THAT_2023_BLE.pdf

  • 1.
  • 2.
  • 3. ALL THINGS BLUETOOTH LOW ENERGY ROBIN SCHROEDER @RTSCHROEDER THAT CONFERENCE, WISCONSIN, JULY 2023
  • 4. Robin Schroeder @RTSchroeder o BS in taxonomic botany 1999 o Writing code since 1998 o Java → C# 2008 o Started with Xamarin 2015 o Bluetooth Mesh and BLE 2018 o Currently work at Mercury Marine o Packt Technical Reviewer o Hobbies: Guitar, Ancestry, DAR myoctocat.com
  • 5. WHAT IS BLUETOOTH?? HOW DOES IT WORK? HISTORY
  • 6. WHAT IS BLUETOOTH? •A wireless technology standard using UHF radio waves to exchange data between devices in a piconet. •Bluetooth SIG (Special Interest Group) 38,000+ member companies
  • 7. HOW DOES IT WORK? HARDWARE • Bluetooth Chip with Antenna “Radio” • Many can broadcast and receive • Many run on very little power SIGNAL • Frequency Hopping: changing 1,600 times per second • Short range, ~ line of sight
  • 8. A LITTLE HISTORY • “Short-Link” radio technology (1989) Ericksson Mobile in Sweden for wireless headphones • IBM wanted to integrate mobile phones with ThinkPads (1997) • Both companies worked together to make it an OPEN INDUSTRY STANDARD • Ericsson wireless headsets (1999) & phones (2001) • IBM ThinkPads (2001) https://en.wikipedia.org/wiki/Ericsson_T39
  • 9. A LITTLE MORE HISTORY • Jim Kardach (Intel, 1997) happened to be reading a book about Viking history • Harald Bluetooth – Danish & Norwegian King (~958AD) and Viking raider • May 1998 Bluetooth SIG launched King Harald Bluetooth united the Danish tribes into one kingdom. Bluetooth unites communication protocols.
  • 10. ONE MORE THING… • The son and successor to King Harald Bluetooth: Sweyn Forkbeard. Gabeldorsche is German for Forkbeard(s). • Google used the name “Gabeldorsche” (gd for short) for their new Bluetooth stack, available as a developer-only option in Android 11 and 12, and then enabled by default in Android 13. https://en.wikipedia.org/wiki/Sweyn_Forkbeard For details: https://cs.android.com/android/platform/superproject/+/master:s ystem/bt/gd/docs/architecture/architecture.md?q=Gabeldorsche
  • 12. BLUETOOTH TECHNOLOGIES Classic Bluetooth (BR/EDR ) 1:1 Basic Rate/Enhanced Data Rate - Wireless headsets, speakers, etc. Bluetooth Low Energy (BLE or LE) 1:1 or 1: Many Fitness trackers, medical equipment, beacons, asset tracking Bluetooth Mesh Many : Many Lighting systems, sensor monitoring, automation systems, etc.
  • 13. BLUETOOTH PICONET Phone Laptop Speaker Headset Car • Classic or BLE hardware • Max of 7 peripheral devices at one time • Up to 255 ‘parked’, inactive devices • Security is not required • Piconets can share peripherals
  • 15. BLUETOOTH CLASSIC == STREAMING Headsets Hearing Aids Car Audio BT Speakers Video - Chromecast
  • 16.
  • 17. DECODING BLUETOOTH PHONE SPECS PIXEL 6 PRO • Bluetooth Radio & Software v5.2 • BT Classic (understood) • BLE (aka LE) • A2DP: Advanced Audio Distribution Profile – for streaming music from phone to car • aptX HD: Qualcomm codec for transmitting high quality audio https://www.gsmarena.com
  • 18.
  • 19. BLUETOOTH LOW ENERGY AKA Bluetooth Smart, BLE or just LE…
  • 21. BLUETOOTH GAP GAP = GENERIC ACCESS PROFILE • Advertising • Connection management • Four device roles for BLE communications: • Broadcaster/Observer • Peripheral/Central
  • 22. BLE BEACONS • Small BLE radios can constantly emit pings that include a link or a short message. • Often stationary • Often battery powered • GAP messages • No connection required • ONE-WAY Communication
  • 23. BEACONS SOFTWARE & PROTOCOLS • Eddystone (google 2015, open source) • iBeacon (Apple, 2013)
  • 24. CROWD SOURCED ASSET TRACKERS • Small BLE radios that constantly emit pings that include a link or a short message. • NOT Stationary • Often battery powered • GAP messages • No connection required • Usually, ONE-WAY Communication
  • 25. TILE • Used all users who had the tile app installed. • Those phones funnel the BLE broadcast messages up the the cloud along with the GPS coord of the PHONE. • Tile itself has no spatial awareness.
  • 26. APPLE AIR TAGS • Uses BLE to transmit its location to nearby iPhones • Croudsourcing massive fleet of all iPhones running recent software • Precision Tracking “Spatial Awareness” • iPhone 11 and later • Apple-designed U1 chip uses Ultra Wideband (UWB) technology • Apple Watch series 6 & later • AirDrop • AirTag
  • 27. ASSET TRACKING SECURITY • Dec 2022 Class Action Lawsuit against Apple for negligence – Air Tags being used for stalking • May 2023 Apple, Google, and other industry folks started putting together a specification for asset tracking and security. • Apple released an Android App to help Android users detect when an Air Tag is nearby.
  • 28. SAMSUNG SMARTTAG (& PIXEL?) • Leverages the network of all Samsung Galaxy phones • Only works with Galaxy phones • For close range, uses BLE directly with the phone. • Does not use UWB. • Version 2 expected soon, using BT 5.3 • Google Pixel quietly included a UWB chip starting in the Pixel 6 Pro. Some folks think they will be introducing an asset tracker as well. That, AND google is in on the spec.
  • 29. BLUETOOTH GATT GATT = GENERIC ATTRIBUTE PROFILE • System of data organization and data transfer • A Bluetooth device (server) exposes data as Attributes, broken down into Services and Characteristics. • Characteristics & Services have UUIDs • Requires an established connection Profile Service 1 • Characteristic • Properties • Value • Descriptor • Characteristic • Properties • Value • Descriptor Service 2 • Characteristic • Properties • Value • Descriptor • Characteristic • Properties • Value • Descriptor
  • 30. CONNECTING, PAIRING & BONDING • BT Connection (Classic or BLE): Two devices have agreed on communicating in an unencrypted fashion. Encrypted: • Pairing: Exchanging the security keys and other information needed to establish an encrypted conversation. • Bonding: The keys generated during pairing need to be stored and used in subsequent bonded connections. • Forget a Paired Device: One of the devices deletes the pairing key used for a bonded connection and the pairing process needs to happen again.
  • 31. BLUETOOTH GATT HTTPS://WWW.BLUETOOTH.COM/SPECIFICATIONS/SPECS/?TYPES=ADOPTED • Health Care • Heart Rate Profile • Health Thermometer Profile • Glucose Profile • Sports and Fitness • Running Speed and Cadence Profile • Cycling Speed and Cadence Profile • HID • Wireless mice and keyboards • Battery • Battery charged levels and stats
  • 33. FITNESS TRACKERS • Bluetooth Low Energy (BLE) • Require a connection • No bonding (usually) • Often, a mix of following the spec and creating their own custom BLE Characteristics.
  • 34. Bluetooth 1, 2.0, 2.1, 3 Classic 1999-2009 Bluetooth 4 & 4.2 Classic BLE 2010-2015 Bluetooth 5 & 5.1 Classic BLE Mesh 2016-2019 Bluetooth 5.2 & 5.3 Classic BLE Mesh LE Audio 2020-2023
• 35. BLE RADIO SPECS https://blog.nordicsemi.com/getconnected/things-you-should-know-about-bluetooth-range
                          Bluetooth 4.0       Bluetooth 4.2       Bluetooth 5
  Release date            June 2010           December 2014       December 2016
  First phone             iPhone 4S                               Samsung Galaxy S8, iPhone X
  Range (indoors)         10 - 50 m           ~50 m               240 - 400 m
  Max range (outdoors)    ~100 m              ~100 m              1,000 m
  Max data rate           1 Mbit/s            ~1 Mbit/s           2 Mbit/s
  Application throughput  up to 305 kbit/s    up to 800 kbit/s    up to 1,360 kbit/s
• 39. BLUETOOTH MESH • Hardware required: a BLE 4.2 or 5 radio in each device • Software required: an implementation of the Mesh specification • BLE devices communicating many-to-many • Security is REQUIRED: the specification has no unencrypted mode • Phones act as configuration clients: they can configure nodes and listen to messages in the network
• 40. MANAGED FLOOD MESH NETWORK • Broadcast messages carry a TTL (time to live) that each relay decrements; a message stops being relayed when it runs out • Sequence numbers let nodes discard repeats of messages they have already processed • Subnets allow the network to be partitioned
• 45. CHICAGO MARATHON • 26-mile route • 3 waves and 12 corrals of runners • 2019: 45,956 runners finished • 6.5 hours max • Runners: pace, splits, official time and place • Organizers: alerted to dangerous heart rates; catch cheaters • Fans: current runner position and stats
• 46. Each wrist/armband periodically publishes the runner's id and heart rate.
            Node's identifier   Heart rate
  Length    4 bytes             1 byte
  Hex       0x00003039          0x5f
  Dec       12,345              95 bpm
  • 47. Azure DB Public App for fans and runners Each runner wears a relay node wristband
• 49. BLUESNARFING • Theft of contacts, calendar data, email and text messages from a discoverable Bluetooth device • Classic-era attack: connect to an OBEX (object exchange) service that does not require authentication. The BLE equivalent is reading a GATT characteristic that the server exposes without requiring pairing or encryption.
• 50. BLUEBUGGING • By pretending to be a Bluetooth headset, an attacker gains access to the phone's features: intercepting phone calls, sending messages, reading the phonebook and calendar.
• 51. BLE SPOOFING ATTACK (BLESA) • Exploits the reconnection process between previously paired devices • Authentication during reconnection is optional in the specification • The check can be skipped, so a device that impersonates a previously bonded peer can get its unencrypted data accepted • Paper: BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy (Wu et al., WOOT 2020)
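Slides 30 and 51 together describe the defence: a bond is only worth something if the central insists that a reconnection to a bonded address actually becomes encrypted with the stored LTK before any attribute data is trusted. The following is an added example, not code from the slides or from any BLE stack. It models both sides of a reconnection: a genuine wristband that holds the LTK, an impostor that has only cloned the address (it declines to start encryption, as a device that "lost the key" would), a vulnerable central that falls back to plaintext reads, and a hardened one that refuses. The LTK proof uses an HMAC over both sides' random values as a stand-in; real BLE uses LL_ENC_REQ/LL_ENC_RSP and AES-CCM session keys, so that part is an assumption made for illustration, as are the address and readings.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class SpoofingSuspected(Exception):
    """Raised when a bonded peer cannot prove it holds the stored LTK."""


@dataclass
class Peripheral:
    """A GATT server. ltk=None models a device that never bonded with us, or an
    impostor that only cloned the address, and so cannot encrypt the link."""
    address: str
    ltk: Optional[bytes]
    heart_rate: int

    def start_encryption(self, central_rand: bytes) -> Optional[Tuple[bytes, bytes]]:
        # Stand-in for the link-layer encryption start (assumption, not the spec's
        # construction): prove possession of the LTK with an HMAC over both randoms.
        if self.ltk is None:
            return None                     # "key lost" / cannot encrypt
        periph_rand = secrets.token_bytes(8)
        proof = hmac.new(self.ltk, central_rand + periph_rand, hashlib.sha256).digest()
        return periph_rand, proof

    def read_heart_rate(self) -> int:
        return self.heart_rate


@dataclass
class Central:
    """A GATT client with a bond store. require_encryption=False reproduces the
    behaviour BLESA exploits: data from a 'bonded' address is accepted even though
    the link never became encrypted."""
    bonds: Dict[str, bytes]          # address -> LTK saved at bonding time
    require_encryption: bool

    def reconnect_and_read(self, peer: Peripheral) -> Tuple[int, bool]:
        ltk = self.bonds.get(peer.address)
        if ltk is None:
            raise ValueError("not bonded; a fresh pairing would be needed")
        central_rand = secrets.token_bytes(8)
        encrypted = False
        answer = peer.start_encryption(central_rand)
        if answer is not None:
            periph_rand, proof = answer
            expected = hmac.new(ltk, central_rand + periph_rand, hashlib.sha256).digest()
            encrypted = hmac.compare_digest(proof, expected)
        if not encrypted and self.require_encryption:
            # Hardened behaviour: a bonded peer that cannot encrypt is treated as an
            # impersonation attempt, never as a reason to silently re-pair or read in clear.
            raise SpoofingSuspected(f"{peer.address} failed to encrypt with the stored LTK")
        return peer.read_heart_rate(), encrypted


def scenario() -> Dict[str, object]:
    """Constructed scenario: a genuine wristband and two impostors using its address."""
    addr = "C4:7A:2B:10:00:01"                       # constructed address
    ltk = secrets.token_bytes(16)
    genuine = Peripheral(addr, ltk, heart_rate=95)
    impostor = Peripheral(addr, None, heart_rate=200)              # injects a 'dangerous' reading
    guesser = Peripheral(addr, secrets.token_bytes(16), heart_rate=200)  # wrong key
    vulnerable = Central({addr: ltk}, require_encryption=False)
    hardened = Central({addr: ltk}, require_encryption=True)
    out: Dict[str, object] = {}
    out["vulnerable_genuine"] = vulnerable.reconnect_and_read(genuine)     # (95, True)
    out["vulnerable_impostor"] = vulnerable.reconnect_and_read(impostor)   # (200, False): spoofed data accepted
    out["hardened_genuine"] = hardened.reconnect_and_read(genuine)         # (95, True)
    for name, peer in (("hardened_impostor", impostor), ("hardened_wrong_key", guesser)):
        try:
            hardened.reconnect_and_read(peer)
            out[name] = "accepted"
        except SpoofingSuspected:
            out[name] = "rejected"
    return out


if __name__ == "__main__":
    for k, v in scenario().items():
        print(k, v)
```

In the marathon scenario from the earlier slides, the vulnerable path is exactly how a spoofed 200 bpm reading would reach the organizers' alerting: the phone trusted the address, not the key.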
• 52. REPLAY ATTACK • Re-publishing captured messages into the network, even though they are obfuscated and encrypted and the attacker cannot read them, to make the network repeat the action the original message caused. • Mesh mitigation: message sequence numbers (each node keeps the highest sequence number accepted from each source and rejects anything older).
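Slides 40 and 52 describe two different uses of sequence numbers: a relay's message cache, which stops the same flood being processed and re-relayed every time it arrives from another neighbour, and the replay protection list, which rejects an old message no matter how long ago it was captured. The following is an added example, not code from the slides or from any mesh stack, that puts both next to TTL-based relaying in one node. The payload is the 5-byte runner id plus heart rate from slide 46; addresses, cache size and the outcome strings are assumptions made for the example, and the real replay protection list also tracks the IV index, which is omitted here.

```python
import collections
import struct
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

SEQ_LIMIT = 1 << 24     # mesh sequence numbers are 24 bits, counted per source
CACHE_SIZE = 32         # how many recent (src, seq) pairs a node remembers (assumed size)


@dataclass(frozen=True)
class MeshMsg:
    src: int        # unicast address of the publishing node
    dst: int        # unicast or group address
    seq: int        # increases with every message the source sends
    ttl: int        # hops left
    payload: bytes  # slide 46 format: runner id (4 bytes) + heart rate (1 byte)


def encode_runner(runner_id: int, bpm: int) -> bytes:
    return struct.pack(">IB", runner_id, bpm)


def decode_runner(payload: bytes) -> Tuple[int, int]:
    return struct.unpack(">IB", payload)


class MeshNode:
    def __init__(self, address: int, subscriptions=(), relay: bool = True):
        self.address = address
        self.subscriptions = set(subscriptions)   # group addresses this node listens to
        self.relay = relay
        self.msg_cache = collections.OrderedDict()  # recently seen (src, seq), oldest first
        self.replay_list: Dict[int, int] = {}       # src -> highest seq accepted
        self.delivered: List[MeshMsg] = []
        self.outbox: List[MeshMsg] = []             # messages this node will re-broadcast

    def receive(self, msg: MeshMsg) -> str:
        if not 0 <= msg.seq < SEQ_LIMIT:
            return "dropped: bad seq"
        # 1. Network message cache: the same flood reaches a node from several
        #    neighbours; a (src, seq) seen recently is neither processed nor re-relayed.
        key = (msg.src, msg.seq)
        if key in self.msg_cache:
            return "dropped: already seen"
        self.msg_cache[key] = None
        while len(self.msg_cache) > CACHE_SIZE:
            self.msg_cache.popitem(last=False)
        # 2. Replay protection list: anything not newer than the last message accepted
        #    from this source is a replay, even if it fell out of the cache long ago.
        last = self.replay_list.get(msg.src)
        if last is not None and msg.seq <= last:
            return "dropped: replay"
        self.replay_list[msg.src] = msg.seq
        # 3. Deliver locally if addressed to us, and relay while the TTL allows.
        outcome = []
        if msg.dst == self.address or msg.dst in self.subscriptions:
            self.delivered.append(msg)
            outcome.append("delivered")
        if self.relay and msg.ttl >= 2:
            self.outbox.append(replace(msg, ttl=msg.ttl - 1))
            outcome.append("relayed")
        return ", ".join(outcome) or "dropped: not relayed"


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: one wristband, two relays, two course gateways."""
    WRIST, GATEWAYS = 0x0101, 0xC000     # assumed unicast and group addresses
    relay_a = MeshNode(0x0201)
    relay_b = MeshNode(0x0202)
    gateway = MeshNode(0x0301, subscriptions=[GATEWAYS], relay=False)
    late_gateway = MeshNode(0x0302, subscriptions=[GATEWAYS], relay=False)
    out: Dict[str, object] = {}
    beat5 = MeshMsg(WRIST, GATEWAYS, seq=5, ttl=3, payload=encode_runner(12345, 95))
    out["relay_first"] = relay_a.receive(beat5)               # relayed with TTL 2
    out["relay_dup"] = relay_a.receive(beat5)                 # same flood via another neighbour
    hop = relay_a.outbox.pop()
    out["hop_ttl"] = hop.ttl
    out["gateway"] = gateway.receive(hop)
    out["decoded"] = decode_runner(gateway.delivered[0].payload)
    out["ttl_exhausted"] = relay_b.receive(replace(beat5, ttl=1))
    beat6 = MeshMsg(WRIST, GATEWAYS, seq=6, ttl=3, payload=encode_runner(12345, 97))
    relay_a.receive(beat6)
    out["late_gateway_first"] = late_gateway.receive(relay_a.outbox.pop())
    # An attacker replays the captured seq 5 frame to a node that has only seen seq 6:
    # the cache cannot help (never seen there), the replay list can.
    out["replayed"] = late_gateway.receive(replace(hop, ttl=1))
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

The replay list is the reason a source must never reuse a sequence number, and why a node that loses its counter (reboot without persisting it) has to take care before it transmits again: peers will discard everything it sends until it is past the last value they accepted.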
• 53. TRASH CAN ATTACK • Harvesting keys or passwords from devices that have been removed from a network (decommissioned, discarded or stolen). • Mesh mitigation: Key Refresh Procedure, which rotates the network and application keys so that keys recovered from a removed node no longer work.
• 54. MAN IN THE MIDDLE • A third party between source and destination that listens in on, and can alter, the communication. • BLE mitigation: BONDING with an authenticated pairing method (Just Works pairing provides no MITM protection). • Mesh mitigation: asymmetric cryptography, the Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol used during provisioning, combined with out-of-band authentication.
• 56. BEST PLATFORM FOR WRITING BLE-HEAVY CROSS-PLATFORM MOBILE APPS? • Xamarin / .NET MAUI • Write the iOS- and Android-specific bits in the same language (C#) • C# is a fully featured, well-worn path • The iOS and Android BLE code operates on the native objects • Multi-threaded • Lots of infrastructure and community involvement, backed by Microsoft • All other code is shared, like the tedious bits that parse and build the byte payloads
• 59. TOOLING: MAC PACKETLOGGER • Live Bluetooth logs, as they happen
  • 60. TOOLING: BLUETOOTH FOR IOS PROFILE https://www.bluetooth.com/blog/a-new-way-to-debug-iosbluetooth-applications/ Must reinstall every four days…
• 61. TOOLING: "SNIFFERS" (BLE PROTOCOL ANALYZERS) • Passively listen to Bluetooth traffic; a sniffer that follows a connection sees everything that is not link-encrypted, including the pairing exchange itself • Adafruit Bluefruit LE Sniffer (BLE 4.0) • Sodera LE Bluetooth Protocol Analyzer
• 62. TOOLING: FARADAY BOX/BAG • Blocks BLE and Wi-Fi traffic to and from a device
  • 65. SEARCH FOR “BLE” PHONE APPS
• 71. BLE MESH SPECIFICATION DOCS https://www.bluetooth.com/specifications/mesh-specifications
• 72. SOFTWARE FOR BT MESH • Bluetooth SIG Study Guides: https://www.bluetooth.com/bluetooth-resources/?types=study-guide • Nordic Semiconductor Thingy:52 boards
  • 73. HARDWARE & FIRMWARE FOR BT MESH ZEPHYR Project • Open Source RTOS • Supports the BT Mesh Specification • https://docs.zephyrproject.org/latest/getting_started/index.html