DEMO: Extracting Physical-Layer BLE Advertisement Information from Broadcom and Cypress Chips
This work addresses a specific technical bottleneck in BLE-based contact tracing systems and could benefit public health applications, but its impact is incremental: the uncovered features only help if chip vendors enable them on deployed devices.
The researchers tackled the problem of limited Bluetooth Low Energy (BLE) advertisement data for contact tracing by reverse-engineering firmware on Broadcom and Cypress chips, enabling extraction of additional physical-layer information that could improve exposure notifications if adopted.
Multiple initiatives propose utilizing Bluetooth Low Energy (BLE) advertisements for contact tracing and SARS-CoV-2 exposure notifications. This demo shows a research tool to analyze BLE advertisements; if universally enabled by the vendors, the uncovered features could improve exposure notifications for everyone. We reverse-engineer the firmware-internal implementation of BLE advertisements on Broadcom and Cypress chips and show how to extract further physical-layer information at the receiver. The analyzed firmware runs on hundreds of millions of devices, such as all iPhones, the European Samsung Galaxy S series, and Raspberry Pis.