Performing DoS Attacks on Bluetooth Devices Paired with Google Home Mini

Abstract

In today’s technology world, Virtual personal assistants (VPA) have become very common and most people have started making their homes smart using these VPAs. Although different companies have different assistants, Google Home Mini (GHM) will be our focus in this paper. The first device, Google Home, was released in November 2016 and then GHM was released after a year, in October 2017. GHM has many features such as playing music, setting reminders, setting kitchen timer and controlling smart home devices. Although GHM might be reliable against cyber-attacks, devices, which are paired with GHM, could be attacked and these cyber-attacks can lead to severe problems. Cyber-attack issues become more important to us, specifically if the devices controlled by GHM are vital devices such as oven, fire alarm, security camera. In this article, we will represent Denial of Service (DOS) attacks applied against devices which are paired with GHM. In this study, Bluedoser, L2ping, Bluetooth Dos Script which are software in Kali Linux platform were used in order to perform DoS attack and some devices were used such as Google Home Mini, Headphone, 2 speakers as victim device. Successful results were observed on Bluetooth headphone.

Keywords

• Bluetooth attacks
• Denial of Service attack
• Google Home
• Security
• Network attacks
• Virtual Personal Assistants

References

1. Zhang, N, Mi, X, Feng, X, Wang, X, Tian, Y, Qian, F. 2018. Understanding and Mitigating the Security Risks of Voice-Controlled Third-Party Skills on Amazon Alexa and Google Home. https://arxiv.org/pdf/1805.01525.pdf
2. Alrawi, O, Lever, C, Antonakakis, M, Monrose, F. 2019 SoK: Security Evaluation of Home-Based IoT Deployments. IEEE Symposium on Security and Privacy. San Francisco, Ca. 20-22 May 2019. Doi:10.1109/SP.2019.00013
3. Park, M, James JI. 2018. Preliminary Study of a Google Home Mini. Journal of Digital Forensics 2018 June, 12(1). https://arxiv.org/pdf/2001.04574
4. Caputo, D, Verderame, L, Ranieri, A, Merlo, A, & Caviglione, L. 2020. Fine- hearing Google Home: why silence will not protect your privacy. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 11(1), 35-53. https://doi.org/10.22667/JOWUA.2020.03.31.035
5. Çepik, H, Aydın, Ö, Dalkılıç, G. 2020. Security Vulnerability Assessment of Google Home Connection with an Internet of Things Device. 7th International Management Information Systems Conference. İzmir, Turkey. 09-11.12.2020.
6. Google Nest, https://en.wikipedia.org/wiki/Google_Nest_(smart_speakers) (accessed at 07.01.2021).
7. Google Home specifications. Google Home Help. Google. Retrieved December 6, 2017.
8. Demmitt, J. 2015. "Google's Nest Labs plans top secret project at new Seattle engineering center". Geekwire.

9. Statt, N, Bohn, D. 2019. Google Nest: Why Google finally embraced Nest as its smart home brand". The Verge. Retrieved October 9, 2019.
10. Blynk. http://www.blynk.cc/. (accessed at 07.01.2021).
11. Mills, D. 1995. Simple network time protocol (SNTP). RFC 1769, University of Delaware. https://www.hjp.at/doc/rfc/rfc1769.html. (accessed at 07.01.2021).
12. Uy, M. 2020. Bluetooth Basics. Lifewire web site. Retrieved from https://www.lifewire.com/what-is-bluetooth-2377412, (accessed at 07.01.2021).
13. Imperva 2020. Ping of Death (POD). Imperva, Inc. Web site. Retrived from https://www.imperva.com/learn/ddos/ping-of-death/, (accessed at 07.01.2021).
14. Huegen, C. A. 1998. Network-Based Denial of Service Attacks. IEEE Transactions on Information Theory.
15. Singh, A. 2013. Instant Kali Linux. Packt Publishing Ltd.
16. l2ping, https://linux.die.net/man/1/l2ping (accessed at 07.01.2021).
17. https://github.com/Anlos0023/bluedoser (accessed at 07.01.2021).
18. Bluetooth Dos Attack Script, https://github.com/crypt0b0y/BLUETOOTH-DOS-ATTACK-SCRIPT (accessed at 07.01.2021).
19. Debian, https://en.wikipedia.org/wiki/Debian (accessed at 07.01.2021).
20. Blues, http://www.bluez.org/ (accessed at 07.01.2021).
21. HciTool, https://linux.die.net/man/1/hcitool (accessed at 07.01.2021).