GATT Fingerprinting and Tracking

Description

GATT Fingerprinting and Tracking

CWE

CVE

Attack Surfaces

BLE (MITRE EMB3D PID-4111)

GATT

Attack Vectors

Information Leak (MITRE EMB3D TID-310)

Eavesdropping

Tracking

Defenses

Restrict access to values of characteristics, Use GATT permission system to ensure that characteristics are not readable by unauthenticated clients

Minimize exposure of GATT profile, Set access control to show services and characteristics only to authenticated clients