Securing Bluetooth Low Energy: A Literature Review
Zhe Wang
TL;DR
This paper reviews Bluetooth Low Energy (BLE) as a low-power wireless technology and its security/privacy landscape. It synthesizes BLE architecture (stack, protocol layers, Security Manager), privacy mechanisms (RPAs/IRK), and a taxonomy of attacks (sniffing, MITM, DoS, bluejacking, bluesnarfing, bluebugging, malware). It also surveys defenses (authentication, encryption, updates, feature minimization, detection, education, segmentation, device management) and related IoT security work. The contribution is a structured, section-aligned synthesis to aid security researchers and practitioners in understanding BLE threats and defenses and to guide future research.
Abstract
Bluetooth Low Energy (BLE), which operates in the widely used 2.4 GHz ISM band, is a cornerstone of modern wireless communication alongside classic Bluetooth. This paper examines the foundational aspects of BLE, excluding niche components, to explore its core functionality and its role in meeting diverse connectivity needs. BLE is specialized for low-power devices and optimizes energy use, which makes it indispensable in IoT applications where energy efficiency is paramount. It is used across consumer electronics, industrial automation, and healthcare, where it supports reliability and efficiency in safety-critical systems and improves user convenience through remote control capabilities. However, because BLE interfaces are wireless, they are exposed to cybersecurity threats, and robust security measures are needed to mitigate risks such as sniffing, DoS attacks, and message injection. Continuous research and development efforts are essential to stay ahead of emerging threats and to safeguard BLE-enabled systems and data.
