The Bluetooth standard is ubiquitously supported by computers, smartphones, and IoT devices. Due to its complexity, implementations require large codebases that are prone to security vulnerabilities, such as the recently discovered BlueBorne and BadBluetooth attacks. Although the standard defines it, most of the Bluetooth functionality, organized into different Bluetooth profiles, is not required in common usage scenarios. Starting from this observation, we implement LightBlue, a framework performing automatic, profile-aware debloating of Bluetooth stacks, allowing users to automatically minimize their Bluetooth attack surface by removing unneeded Bluetooth features. LightBlue starts with a target Bluetooth application, detects the associated Bluetooth profiles, and applies a combination of control-flow and data-flow analysis to remove unused code within the Bluetooth host code. Furthermore, to debloat the Bluetooth firmware, LightBlue extracts the used Host Controller Interface (HCI) commands and patches the HCI dispatcher in the Bluetooth firmware automatically, so that the Bluetooth firmware avoids processing unneeded HCI commands. We evaluate LightBlue on four different Bluetooth hosts and three different Bluetooth controllers. Our evaluation shows that LightBlue achieves between 32% and 50% code reduction in the Bluetooth host code and between 57% and 83% HCI command reduction in the Bluetooth firmware. This code reduction leads to the prevention of attacks responsible for at least 20 CVEs, such as BlueBorne and BadBluetooth, while introducing no performance overhead and without affecting the behavior of the debloated application.
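The firmware-side step described above, as an added illustration that is not code from the LightBlue paper: it parses a constructed H4 trace of HCI command packets, derives the allowlist of opcodes the host actually issued, and models a patched dispatcher that refuses every other opcode. The trace, the hypothetical controller command table and the dispatcher's string results are constructed assumptions; the packet layout and OGF/OCF opcode split follow the HCI specification.

```python
import struct
from typing import Iterable

HCI_COMMAND_PKT = 0x01  # H4 packet-type byte that precedes every HCI command packet

def parse_hci_commands(stream: bytes) -> list[int]:
    """Walk an H4 byte stream of HCI command packets and return each opcode.
    Layout per packet: [0x01][opcode, little-endian 16-bit][param_len][params].
    The opcode packs the OGF in its top 6 bits and the OCF in its low 10 bits."""
    opcodes, pos = [], 0
    while pos < len(stream):
        if stream[pos] != HCI_COMMAND_PKT:
            raise ValueError(f"unexpected packet type 0x{stream[pos]:02x} at offset {pos}")
        if pos + 4 > len(stream):
            raise ValueError("truncated HCI command header")
        opcode, plen = struct.unpack_from("<HB", stream, pos + 1)
        pos += 4 + plen
        if pos > len(stream):
            raise ValueError("truncated HCI command parameters")
        opcodes.append(opcode)
    return opcodes

def split_opcode(opcode: int) -> tuple[int, int]:
    """Return (OGF, OCF) for an opcode."""
    return opcode >> 10, opcode & 0x3FF

def build_allowlist(trace: bytes) -> frozenset[int]:
    """Opcodes the host actually issued, i.e. the commands its profiles need."""
    return frozenset(parse_hci_commands(trace))

def dispatch(opcode: int, allowlist: frozenset[int]) -> str:
    """Debloated dispatcher: unlisted opcodes are refused before any handler runs.
    Real firmware would answer with a Command Status event carrying error 0x01
    (Unknown HCI Command); here the outcome is returned as a string."""
    return "handled" if opcode in allowlist else "rejected"

def reduction(full_table: Iterable[int], allowlist: frozenset[int]) -> float:
    """Percentage of the controller's command table that the patch disables."""
    full = set(full_table)
    return 100.0 * len(full - allowlist) / len(full)

# Constructed H4 trace: Reset, Set_Event_Mask, Read_BD_ADDR, LE_Set_Scan_Enable, Reset
SAMPLE_TRACE = bytes.fromhex(
    "01 030C 00"
    "01 010C 08 FFFFFFFFFFFFFF3F"
    "01 0910 00"
    "01 0C20 02 0100"
    "01 030C 00")
# Constructed subset of a hypothetical controller's command table
FULL_TABLE = [0x0401, 0x0405, 0x0406, 0x0C01, 0x0C03, 0x0C13, 0x1009, 0x200A, 0x200B, 0x200C]
```

Calling `build_allowlist(SAMPLE_TRACE)` yields four opcodes, so `reduction(FULL_TABLE, ...)` reports that 60% of this constructed table would be disabled.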
Proceedings of the USENIX Security Symposium (USENIX Security)