Beacons are inconspicuous, compact wireless devices that repeatedly broadcast tiny packets of location and sensor data using Bluetooth Low Energy (BLE) signals. When in range, compatible smartphones can receive these transmissions to enable a myriad of location-based use cases — from targeted advertising to contact tracing and asset tracking. For any business deploying beacons, ensuring robust beacon security protections are in place is now imperative.
Why beacon security matters
This versatility has fueled rapid global adoption of beacon technology across industries, with smart beacon market size exceeding $127.4 billion by 2032. However, with much of this potential though, comes heightened risk around security and misuse of user data. Research suggests pretty much of consumers worry about beacons “tracking your every move” from ambient beacon infrastructure. And these concerns are valid — flaws in beacon infrastructure, devices, or usage can expose sensitive user and corporate data. For any business deploying beacons, ensuring robust protections are in place is now imperative.
Besides, the implementation of beacons is rapidly moving from the introduction phase to serious business involving more money, third parties, and information most people are interested in.
In IoT devices, security is the second most essential thing. When a beacon is turned on and well-secured, that is the only time it efficiently does its job like proximity location, transmitting data via secure channels, or interacting with the actual world around a beacon.
How beacons work and security risks
Beacons utilize BLE technology to communicate with nearby smartphones and tablets. They actually transmit in two key modes:
- Advertising Mode: Repeatedly broadcasts a one-way generic packet containing the beacon’s ID only.
- Connection Mode: Establishes a two-way, encrypted data connection between two devices.
Most retail and proximity applications rely on advertising mode to detect consumer smartphones. While in range, the beacon identifies the phone but does not access private data. So purely broadcasting beacons cannot “track” users in terms of collecting info. However, a beacon network combined with a brand’s mobile app does allow for monitoring customers within stores for analytics or engagement purposes. Users consent to this level of tracking via the app’s terms of service and permissions like enabling Bluetooth. It’s worth noting you can disable location services and Bluetooth on your device to opt out of beacon detection.
Examining a typical beacon ecosystem
While beacons themselves are relatively simple broadcasting devices, the wider ecosystems built around them comprise many interconnected components:
These components of the beacon ecosystem broadly vary depending on the deployment of the products. Continuous security evaluations of all touchpoints in an ecosystem are key to ensuring defenses stay robust even as new threats emerge.
- Embedded hardware beacon devices – The BLE transmitters, manufactured by companies like MOKOSmart and Kontakt.io. Available for $5 to $30 per unit. It’s vital to ensure hardware has security protections against code modification or interference attacks.
- Cloud web services – Centralized repositories where companies manage registered beacons’ metadata (battery life, locations, sensor data etc.) and analyze aggregated telemetry. It is significant to secure all the data stored in the cloud appropriately. Also, ensure that all API functions are properly authenticated and have no vulnerabilities that permit malicious attacks or access to unauthenticated data.
- Beacon management software – Admin panels from vendors allowing bulk configuring of beacon settings instead of device-by-device. Must encrypt data communications and storage while also securing over-the-air (OTA) firmware updates.
- End User mobile applications – The apps on consumer smartphones and tablets detecting transmitted beacon signals in proximity and leveraging the location data to enable engagements. Rigorous testing essential around authentication, data collection, communication encryption etc.
Common beacon exploits – how beacons are attacked
Every communication in Bluetooth beacon is decoded and happens clearly. Since beacons are promptly becoming gateways to complex connections, some people are increasingly using them in ways not intended resulting in attacks. Beacons can be attacked through:
Piggybacking & Cloning Beacons
Piggybacking happens when hackers snoop at a beacon, capture its UUIDs, Majors, and Minors, and add them to their app without the owner’s consent. Hackers can rely on the beacon’s infrastructure in their application as most beacons transmit the same signal for several years. Although it becomes inconvenient to share the beacon’s infrastructure with strangers for free, it has no adverse effects on customers and doesn’t damage the application.
Whenever hackers capture a beacon’s information, they can also easily clone the beacon. Cloning involves copying the beacon’s configuration and setting it to another application, thereby misleading the users. This is devastating as the hacker controls where and when a beacon activates, but it still triggers app payments.
Hijacking Beacons
Beacons are set such that they only communicate but cannot encrypt the information sent to them. Therefore, when linking to a beacon and a hacker sees the password you used to connect, they can use or change it such that it becomes impossible to connect anymore. This gives the hacker complete control over your beacon putting your whole IoT infrastructure at risk.
Cracking Bluetooth Beacons
Even when a beacon is secured from remote attacks, someone can still probe the beacon’s memory by physically removing the beacon from the wall and opening it up. Although this type of attack has a low probability of occurrence, it is still essential to defend your beacon against this if you have a beacon that controls sensitive applications.
Addressing each of these common attack entryways requires diligent defense across people, processes and technology — coordinating hardware supply chain security, cloud access governance, beacon configuration guidelines and more.
How to make beacons more secure
No one has been able to secure beacons from attacks as it is pretty tricky. Although many companies have developed strategies to protect their beacons from piggybacking and chip manufacturers’ defenses that protect a device from cracking, the efforts are worthless as they do not cover the entire data chain. Furthermore, no one has developed a mechanism that can protect devices from hijacking. As the beacon technology is brilliantly simple, you can use the following beacon security mechanisms to secure your beacon from all kinds of attacks efficiently.
Secure Communication
Secure Communication protects beacons from hijacking. It is a beacon cyber protocol that uses Bluetooth Low Energy (BLE) and is supported by various devices. The entire communication channel is fully encrypted from the beacon to the managing device. A beacon customized with the Secure Connection is impossible to hijack as it has an end to end encryption and does not require the password to be sent between the SDK and the beacons. This secure communication channel is managed through the SDK or Proximity API. Any beacon with this communication channel is adequately secured from any attack. This is because the device is efficiently protected against any malicious attack that hackers may try to exploit.
Software Lock
The software lock can secure all our beacons against direct cracking. Any attempt to access a device’s memory installed with a software lock wipes off all data in the memory. Although the simple beacon configurations remain available, the cracker cannot access any other information. When a software lock is installed in your beacon, you can be assured that your infrastructure is safe. Initially, we used to have this service in all our beacons, but we now do this only when customers need it as some develop the firmware by themselves.
Using Secure UUID for iBeacon Advertising
Secure UUID is a security mechanism that safeguards a beacon’s real ID. It gives you improved control over access to the beacon’s signal. This optional added layer of security is recommended for every beacon deployment.
During manufacturing, a unique beacon key can be allocated to each beacon. The key can only be recognized by the beacon or the IoT cloud platform. When encrypting and decrypting the beacon’s visible ID, the secure UUID algorithms use a beacon key along with its most recent rotation timestamp.
Since the beacon is liable for encryption, it creates a new visible beacon ID according to its unique rotation interval. The beacon transmits the new visible IDs in an iBeacon packet. Decryption occurs in the cloud that resolves the beacon key, thereby exceptionally recognizing the beacon. There is an iOS/Android device between the beacon and the cloud. The device listens to the beacon’s visible IDs and links with the cloud to discover the real ID of the beacon.
As the device only acts as a proxy, it cannot recognize the beacon key. Hence, a malicious party can easily remove the key from your app and decrypt any beacon’s visible ID in the future. This can be prevented by setting the decryption in the cloud, although the secure UUID must have an active internet connection to work.
What’s next on protecting your beacons
If you are looking for a way to secure your beacons from any attack, then you are in the right place. MOKOSmart is a global frontrunner with highly quality Bluetooth beacons. Always feel welcome to visit or contact us for further assistance.
