Long-Range (200m) BLE Beacons with 1Mb EEPROM (opens in new tab)

(blog.estimote.com)

47 pointsjimiasty9y ago20 comments

20 comments

16 comments · 4 top-level

Animats9y ago· 5 in thread

These should be great for attackers - a long-range Bluetooth device with years of battery life. Reprogram these for the MouseJack attack.[1] Get a bag of 50 and spread them around. Profit! If you want to attack a specific company, spread them around that company's building and nearby restaurants. If you repaint them, who's going to notice an extra rock in the landscaping?

If the "remote updating for fleet management" can be attacked, you don't even need to buy them; you can take over other people's.

[1] http://www.computerworld.com/article/3037377/security/mousej...

thawab9y ago

It's not similar to the devices covered in the article. This is how a beacon work:

1- A beacon broadcast a UUID.

2- The users should install my app, the app reads the UUID.

3- The app requests the picture or video related to this UUID from my server.

If an attacker can access the beacon and modify it, then my app is not going to find the UUID's i added to the server.

rasz_pl9y ago

and here is the attack:

-evul haxor learns about those beacons at the target location

-finds a weakness in remote firmware update

-prepares special firmware with added Microsoft/logitech mouse/keyboard emulation (nRF52 can do this). Bonus points if he can make one beacon flash other beacons in range.

-infects one beacon using long range setup (yagi, amp)

-profit

edgartaor9y ago

I'm not sure if I understand how these devices can be used to attack. Can you explain it in more detail?

Animats9y ago

Bluetooth devices can do MITM attacks on anything with a wireless keyboard or mouse. This device isn't designed to do that, but it's a programmable long-range Bluetooth device designed to be unobtrusive, so it's hardware that can be repurposed for an attack.

1 more reply

fulafel9y ago

MouseJack was targeting vulnerabilities in non-BT mice and keyboards, like those using the Logitech dongles.

BT pairing prevents trivial MITM attacks.

guiomie9y ago· 4 in thread

This is really cool, but I can't figure out a use case to buy any :/

zump9y ago

Said everyone working in IoT.

skewart9y ago

Yeah, like a sibling comment suggests, beacons are definitely in the bottom of the trough of disillusionment on the Gartner hype cycle chart.

There is a ton of potential for them though, but perhaps more in the autonomous vehicles and robotics space than in the realm of current consumer devices. Of course, there are plenty of competing technologies in the micro-location space.

Making beacons more computationally powerful beyond just broadcasting a UUID is an interesting development, and one competing tech, like location fingerprinting, can't easily do.

calgoo9y ago

Yea I can see usage for big shops like wallmart etc where its next to impossible to find something if you dont know the store. Image if these where available for each area, and you just put in what you are looking for and it guides you to the correct section.

1 more reply

rasz_pl9y ago

You can place them in physical locations and let users download your app that will trigger when it sees them, it almost makes sense versus app with GPS coordinate list, almost ....

jimiastyOP9y ago· 2 in thread

Hi HN, this is Jakub, founder of Estimote, Inc. (YC S13).

We just released a new revision of our Location Beacons. We implemented new, low power Nordic nRF52 chip and extended range to 200 metres (+10dB).

Beacons can simultanously advertise both iBeacon and Eddystone packets as well as telemetry & sensor data + they have built-in GPIO slot.

There is also 1Mb EEPROM, so you can read/write data directly in the beacon.

You can read more on our blog: http://blog.estimote.com/post/149362004575/updated-location-...

I will be more than happy to answer any questions here.

scartracs9y ago

My power is out so I can't browse too much atm. I vaguely remember the Google beacon being a always-on notification that launched a website link pressed. How well does that work in android and iOS? Would it be feasible to make an "SOS help" beacon and expect every phone nearby to be notified or similarly spammed with an ad message?

erichocean9y ago

I wish they were actually programmable. The available programmable BLE hardware is a bit clunky (I'm using stuff from RedBearLabs currently).

gortok9y ago· 1 in thread

How can these devices pass BLE certification and go to +10dBm?

rasz_pl9y ago

? its only 10mW, old BT Class 1 goes up to 100mW (20dbm)

j / k navigate · click thread line to collapse

20 comments

16 comments · 4 top-level

Animats9y ago· 5 in thread

If the "remote updating for fleet management" can be attacked, you don't even need to buy them; you can take over other people's.

[1] http://www.computerworld.com/article/3037377/security/mousej...

thawab9y ago

It's not similar to the devices covered in the article. This is how a beacon work:

1- A beacon broadcast a UUID.

2- The users should install my app, the app reads the UUID.

3- The app requests the picture or video related to this UUID from my server.

If an attacker can access the beacon and modify it, then my app is not going to find the UUID's i added to the server.

rasz_pl9y ago

and here is the attack:

-evul haxor learns about those beacons at the target location

-finds a weakness in remote firmware update

-prepares special firmware with added Microsoft/logitech mouse/keyboard emulation (nRF52 can do this). Bonus points if he can make one beacon flash other beacons in range.

-infects one beacon using long range setup (yagi, amp)

-profit

edgartaor9y ago

I'm not sure if I understand how these devices can be used to attack. Can you explain it in more detail?

Animats9y ago

1 more reply

fulafel9y ago

MouseJack was targeting vulnerabilities in non-BT mice and keyboards, like those using the Logitech dongles.

BT pairing prevents trivial MITM attacks.

guiomie9y ago· 4 in thread

This is really cool, but I can't figure out a use case to buy any :/

zump9y ago

Said everyone working in IoT.

skewart9y ago

Yeah, like a sibling comment suggests, beacons are definitely in the bottom of the trough of disillusionment on the Gartner hype cycle chart.

Making beacons more computationally powerful beyond just broadcasting a UUID is an interesting development, and one competing tech, like location fingerprinting, can't easily do.

calgoo9y ago

1 more reply

rasz_pl9y ago

You can place them in physical locations and let users download your app that will trigger when it sees them, it almost makes sense versus app with GPS coordinate list, almost ....

jimiastyOP9y ago· 2 in thread

Hi HN, this is Jakub, founder of Estimote, Inc. (YC S13).

We just released a new revision of our Location Beacons. We implemented new, low power Nordic nRF52 chip and extended range to 200 metres (+10dB).

Beacons can simultanously advertise both iBeacon and Eddystone packets as well as telemetry & sensor data + they have built-in GPIO slot.

There is also 1Mb EEPROM, so you can read/write data directly in the beacon.

You can read more on our blog: http://blog.estimote.com/post/149362004575/updated-location-...

I will be more than happy to answer any questions here.

scartracs9y ago

erichocean9y ago

I wish they were actually programmable. The available programmable BLE hardware is a bit clunky (I'm using stuff from RedBearLabs currently).

gortok9y ago· 1 in thread

How can these devices pass BLE certification and go to +10dBm?

rasz_pl9y ago

? its only 10mW, old BT Class 1 goes up to 100mW (20dbm)

j / k navigate · click thread line to collapse