BLE authentication design challenges on smartphone controlled IoT devices: analyzing Gogoro Smart Scooter
Smartphones are commonly used as the controller and Internet gateway for BLE-enabled IoT devices. Designing a strong authentication protocol between them is the key part of IoT security. However App design has challenges such as limited input / output interfaces and privacy protection standards. Due to these restrictions, many vendors has given-up BLE build-in security manager and choose to build their own authentication protocols.
This study focused on the method to analyze these BLE protocols, discovering and solving these challenges. We applied this method on commercial products, including popular Gogoro Smart Scooter from Taiwan. We will demo under some certain circumstances we are able to dump key used to unlock your Gogoro Scooter and send fake BLE signals to steal your scooter.