Bluetooth Low Energy Devices Security Testing Framework

Ray, Apala; Raj, Vipin; Manuel, Oriol; Monot, Aurelien; Obermeier, Sebastian

doi:10.1109/icst.2018.00045

Cited by 12 publications

(10 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many IoT devices available in the market are vulnerable to MITM attacks, and so data integrity and confidentiality are compromised. Recent studies [105] found that most of the industrial IoT automation tools use BLE devices with Just works and no further security measures. This makes it easy for the attacker to clone the device, and attackers can have unauthorized access to the peripheral devices.…”

Section: B Active Eavesdroppingmentioning

confidence: 99%

“…A slave device sends LL Reject Ind signal to tell the master device that the previously saved LTK is lost or no longer valid. Thus attacker forcefully compels the victim device to go through the vulnerable bonding process with the original device or with the attacker [105].…”

Section: Device Cloningmentioning

confidence: 99%

“…There are some forms of authentication attacks that crack the shared keys exchanged in the pairing process [105] and they are as follows:…”

Section: ) Device Authentication (Bonding) Attackmentioning

confidence: 99%

“…In the fuzzing attack, the attacker uses a program that sends random data or carefully crafted malformed data to the device, and this might cause the BLE device to crash or misbehave [105]. The Fuzzer tests application's input handling capability [59].…”

Section: ) Fuzzing Attackmentioning

confidence: 99%

See 3 more Smart Citations

Security and Privacy Threats for Bluetooth Low Energy in IoT and Wearable Devices: A Comprehensive Survey

Barua

Alamin

Hossain

et al. 2022

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

Bluetooth Low Energy (BLE) has become the de facto communication protocol for the Internet of Things (IoT) and smart wearable devices for its ultra-low energy consumption, ease of development, good enough network coverage, and data transfer speed. Due to the simplified design of this protocol, there have been lots of security and privacy vulnerabilities. As billions of health care, personal fitness wearable, smart lock, industrial automation devices adopt this technology for communication, its vulnerabilities should be dealt with high priority. Some segregated works on BLE were performed focusing on various vulnerabilities, such as the insecure implementation of encryption, device authentication, user privacy, etc. However, there has been no comprehensive survey on the security vulnerabilities of this protocol. In this survey paper, we present a comprehensive taxonomy for the security and privacy issues of BLE. We present possible attack scenarios for different types of vulnerabilities, classify them according to their severity, and list possible mitigation techniques. We also provide case studies regarding how different vulnerabilities can be exploited in real BLE devices.

show abstract

Section: B Active Eavesdroppingmentioning

confidence: 99%

Section: Device Cloningmentioning

confidence: 99%

“…There are some forms of authentication attacks that crack the shared keys exchanged in the pairing process [105] and they are as follows:…”

Section: ) Device Authentication (Bonding) Attackmentioning

confidence: 99%

Section: ) Fuzzing Attackmentioning

confidence: 99%

See 2 more Smart Citations

Security and Privacy Threats for Bluetooth Low Energy in IoT and Wearable Devices: A Comprehensive Survey

Barua

Alamin

Hossain

et al. 2022

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

show abstract

“…Both studies have provided foundational insight concerning devices’ security implementations. Ray et al [ 18 ] discuss possible attacks on BLE field devices relevant for industrial automation and present a framework for defining and executing security attacks. They evaluate their framework on three BLE devices (SensorTag from Texas Instrument, Waspmote from Libelium, and a product prototype developed in-house) and conclude all three to be vulnerable.…”

Section: Bluetooth Low Energy Protocol and Securitymentioning

confidence: 99%

On the Security of Bluetooth Low Energy in Two Consumer Wearable Heart Rate Monitors/Sensing Devices

Peker

Bello

Pérez

2022

Sensors

View full text Add to dashboard Cite

Since its inception in 2013, Bluetooth Low Energy (BLE) has become the standard for short-distance wireless communication in many consumer devices, as well as special-purpose devices. In this study, we analyze the security features available in Bluetooth LE standards and evaluate the features implemented in two BLE wearable devices (a Fitbit heart rate wristband and a Polar heart rate chest wearable) and a BLE keyboard to explore which security features in the BLE standards are implemented in the devices. In this study, we used the ComProbe Bluetooth Protocol Analyzer, along with the ComProbe software to capture the BLE traffic of these three devices. We found that even though the standards provide security mechanisms, because the Bluetooth Special Interest Group does not require that manufacturers fully comply with the standards, some manufacturers fail to implement proper security mechanisms. The circumvention of security in Bluetooth devices could leak private data that could be exploited by rogue actors/hackers, thus creating security, privacy, and, possibly, safety issues for consumers and the public. We propose the design of a Bluetooth Security Facts Label (BSFL) to be included on a Bluetooth/BLE enabled device’s commercial packaging and conclude that there should be better mechanisms for informing users about the security and privacy provisions of the devices they acquire and use and to educate the public on protection of their privacy when buying a connected device.

show abstract

SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation Measures

Shrestha

Irby

Thapa

et al. 2022

Communications in Computer and Information Science

View full text Add to dashboard Cite

Bluetooth Low Energy Devices Security Testing Framework

Cited by 12 publications

References 6 publications

Security and Privacy Threats for Bluetooth Low Energy in IoT and Wearable Devices: A Comprehensive Survey

Security and Privacy Threats for Bluetooth Low Energy in IoT and Wearable Devices: A Comprehensive Survey

On the Security of Bluetooth Low Energy in Two Consumer Wearable Heart Rate Monitors/Sensing Devices

SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation Measures

Contact Info

Product

Resources

About