Bluetooth Low Energy (BLE) has become an intrinsic wireless technology for the Internet of Things (IoT). With the proliferation of BLE-embedded IoT devices, it is important to study the security and privacy implications of BLE. The forefront attack to BLE devices is the wireless sniffing attack, which would lead to more detrimental threats like jamming, encryption cracking or system penetration. Existing sniffing attacks are based on the correct detection of BLE connection initiation state, but they become ineffective for BLE long-lived connections. In this paper, we focus on the adversary setting with a lowcost single radio and develop a suite of real-time algorithms to determine the key parameters necessary to follow and sniff a BLE connection in the connected state. We implement our algorithms in the open source platform -Ubertooth One and evaluate its performance in terms of sniffing overhead and accuracy. By comparing with state-of-the-art schemes, experimental results show that our sniffer achieves much higher sniffing accuracy (over 80%) and better stability to BLE operational dynamics.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.