Bluetooth Low Energy: Secure or Unsecure?

Primary Faculty Mentor’s Name

Yesem Peker

Session Format

Oral (max. 15 minutes)

Abstract

In this paper, we analyze the architecture and security features available in Bluetooth Low Energy (LE) by applying it to commercially available LE devices and investigating the implemented security measures. Upon analysis, we find that the used devices do not implement any security features available in LE devices; this includes address randomization, encryption, and authentication. The lack of randomization allows device tracking, and the lack of encryption poses serious privacy concerns for user data. Upon further analysis, we find the main device and the third-party application used in tandem with it are responsible for the absent security implementation.

Keywords

Bluetooth, Bluetooth Low Energy, security, encryption, authentication, randomization, device tracking, privacy concerns

Presentation Year

2017

Publication Type and Release Option

Event

This document is currently not available here.

Share

COinS
 

Bluetooth Low Energy: Secure or Unsecure?

In this paper, we analyze the architecture and security features available in Bluetooth Low Energy (LE) by applying it to commercially available LE devices and investigating the implemented security measures. Upon analysis, we find that the used devices do not implement any security features available in LE devices; this includes address randomization, encryption, and authentication. The lack of randomization allows device tracking, and the lack of encryption poses serious privacy concerns for user data. Upon further analysis, we find the main device and the third-party application used in tandem with it are responsible for the absent security implementation.