The BLE operations are logged in clear text in the logcat
The following bug report has been received through the YesWeHack private bugbounty phase.
Related: #11 (closed)
The BLE operations are logged in clear text in the logcat. In the class BleGattManagerImpl, the callback onCharacteristicWriteRequest is defined as follows:
```kotlin
override fun onCharacteristicWriteRequest(
    device: BluetoothDevice,
    requestId: Int,
    characteristic: BluetoothGattCharacteristic,
    preparedWrite: Boolean,
    responseNeeded: Boolean,
    offset: Int,
    value: ByteArray?
) = execute {
    super.onCharacteristicWriteRequest(
        device,
        requestId,
        characteristic,
        preparedWrite,
        responseNeeded,
        offset,
        value
    )
    Log.d(
        TAG,
        "onCharacteristicWriteRequest device=$device, characteristic=${characteristic.uuid}"
    )
    val result = when (characteristic.uuid) {
        payloadCharacteristic.uuid -> {
            if (offset != 0) {
                BluetoothGatt.GATT_INVALID_OFFSET
            } else {
                value?.let { callback.onWritePayloadRequest(device, it) }
                BluetoothGatt.GATT_SUCCESS
            }
        }
        else -> BluetoothGatt.GATT_FAILURE
    }
    Log.d(
        TAG,
        "onCharacteristicWriteRequest result=$result device=$device requestId=$requestId characteristic=${characteristic.uuid} preparedWrite=$preparedWrite responseNeeded=$responseNeeded offset=$offset value=$value"
    )
    if (responseNeeded) {
        bluetoothGattServer?.sendResponse(device, requestId, result, offset, null)
    }
}
```
As you can see, this callback logs the result of the write request in detail.
To remediate this issue, the removal of the Log.d calls should be considered.
All Log.d usages should be reviewed throughout the code to remove potential sensitive information leaks to unencrypted storage.
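One way to carry out the review of Log usages recommended above, as an added example that is not part of the original report or the project's code: a scanner that lists every `Log.*` call in Kotlin sources whose message interpolates runtime values, including calls spread over several lines like the ones quoted. The function names are this example's own, the sample input is constructed, and the matching is a text heuristic rather than a Kotlin parser.

```python
import re
from pathlib import Path

LOG_CALL = re.compile(r"\bLog\.(v|d|i|w|e|wtf)\s*\(")      # start of a Log.<level>( call
TEMPLATE = re.compile(r"\$\{([^}]+)\}|\$([A-Za-z_]\w*)")   # Kotlin ${expr} or $name

def call_end(src, open_idx):
    """Index just past the ')' matching the '(' at open_idx, skipping string literals."""
    depth, i, in_str = 0, open_idx, False
    while i < len(src):
        c = src[i]
        if in_str:
            if c == "\\":
                i += 1  # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return len(src)  # unbalanced call: treat the rest of the text as its body

def find_log_templates(src):
    """Return (line, level, [interpolated expressions]) for each Log call using templates."""
    findings = []
    for m in LOG_CALL.finditer(src):
        body = src[m.end() - 1:call_end(src, m.end() - 1)]
        exprs = [a or b for a, b in TEMPLATE.findall(body)]
        if exprs:
            findings.append((src.count("\n", 0, m.start()) + 1, m.group(1), exprs))
    return findings

def scan_tree(root):
    """Map each .kt file under root to its findings (files without hits are omitted)."""
    scans = ((p, find_log_templates(p.read_text(encoding="utf-8", errors="replace")))
             for p in Path(root).rglob("*.kt"))
    return {str(p): f for p, f in scans if f}

# Constructed sample: the first Log.d call quoted above plus a static message.
SAMPLE = '''Log.d(
    TAG,
    "onCharacteristicWriteRequest device=$device, characteristic=${characteristic.uuid}"
)
Log.i(TAG, "GATT server started")'''
```

Each hit is a prompt for manual review of what the interpolated value contains, not proof of a leak; static messages are not reported.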