iBeacon Security

The 2013 first introduced iBeacon standard is still a fairly new technology that finds increasingly wider applications. When dealing with new technologies like the iBeacon protocol, it is important to consider issues relevant to security to enable companies and users to protect themselves from attacks and security vulnerabilities early on. The aim of this thesis is to analyze and evaluate security relevant questions related to the iBeacon protocol. In this context, a prototype consisting of a customer app and a dealer app for the greeting of customers is developed. This prototype uses iBeacons to detect a customer entering the store. iBeacons use the advertising channels of the Bluetooth Low Energy protocol to broadcast their identification which makes inspecting this data easy. This makes spoofing and piggybacking of iBeacons possible. Countermeasures are UUID rotation, the evaluation of the geolocation and cross- referencing other beacons. In order to be protected from unauthorized reconfiguration, beacon manufacturers usually provide authentication measures. To further be able to quickly replace stolen beacons, the beacon IDs should be saved by a web service. The prototype implements UUID rotation and saves the beacon IDs within a web service. Furthermore, it is possible to check the geolocation and to consider several beacon regions to be able to decide whether or not a customer has entered the store.

Bachelor-Thesis written by Nathalie Bressa, August 31st 2015

Supervised by: Prof. Dr. Ansgar Gerlicher, Dipl.-Ing. (FH) Tobias Frech (iCConsult GmbH)