BLUUID: Firewallas, Diabetics, And… Bluetooth

This report describes a methodology for creating a BTLE GATT UUID database from Android APKs to remotely fingerprint devices and demonstrates its use by identifying Firewalla devices, where researchers discovered and demonstrated two serious vulnerabilities: CVE-2024-40892 (exposure and weak protection of the device license/token and reused private signing key enabling forged JWTs and unauthorized configuration/SSH provisioning) and CVE-2024-40893 (unsanitized network configuration parameters exposed via BTLE allowing command injection and remote root code execution with persistence via cloud sync).