Szivos, G. Z. (2019). Human assisted information extraction through Bluetooth low energy on android [Diploma Thesis, Technische Universität Wien]. reposiTUm.
E194 - Institut für Information Systems Engineering
Android; BLE; Firmware analysis
Analyzing the security of the firmware of embedded devices is critical to providing the highest degree of safety and privacy for the user. This is especially true if the device is used to collect medical-rated data, or is implanted into a patient to regulate the heart rate or to administer drugs automatically. However, most such devices run closed-source firmware, which can only be extracted from the device itself, a process that has its own difficulties. A widely used method of providing updates for consumer-grade embedded devices today is to connect them to a smartphone and operate them through an application on the phone. This thesis describes a system that is capable of analyzing such smartphone applications and extracting relevant data from them to set up a generic Bluetooth Low Energy server that can pretend to be a real device. This makes it possible to analyze the protocol used for communication between device and phone, as well as to dump any data sent from the phone to the device, such as a firmware update. This eliminates both the need to have the device in question and the cumbersome firmware extraction. The thesis also provides a thorough literature review in the fields of firmware analysis techniques and frameworks, the security and privacy of embedded devices, and techniques and tools used to analyze Android applications.