Bluetooth Low Energy: Secure or Unsecure?
Primary Faculty Mentor’s Name
Yesem Peker
Session Format
Oral (max. 15 minutes)
Abstract
In this paper, we analyze the architecture and security features available in Bluetooth Low Energy (LE) by applying it to commercially available LE devices and investigating the implemented security measures. Upon analysis, we find that the used devices do not implement any security features available in LE devices; this includes address randomization, encryption, and authentication. The lack of randomization allows device tracking, and the lack of encryption poses serious privacy concerns for user data. Upon further analysis, we find the main device and the third-party application used in tandem with it are responsible for the absent security implementation.
Keywords
Bluetooth, Bluetooth Low Energy, security, encryption, authentication, randomization, device tracking, privacy concerns
Presentation Year
2017
Publication Type and Release Option
Event
Bluetooth Low Energy: Secure or Unsecure?
In this paper, we analyze the architecture and security features available in Bluetooth Low Energy (LE) by applying it to commercially available LE devices and investigating the implemented security measures. Upon analysis, we find that the used devices do not implement any security features available in LE devices; this includes address randomization, encryption, and authentication. The lack of randomization allows device tracking, and the lack of encryption poses serious privacy concerns for user data. Upon further analysis, we find the main device and the third-party application used in tandem with it are responsible for the absent security implementation.