An active man-in-the-middle attack on Bluetooth Smart devices

In recent years, the Internet of Things (IoT) has become an integral part of our lives, and its influence is expected to grow considerably in the years to come. For several reasons, however, the development of IoT has not gone hand in hand with an adequate reinforcement and consolidation of security and privacy, despite the serious impact that IoT vulnerabilities may have on our digital and physical safety. Bluetooth Low Energy (BLE), also known as Bluetooth Smart, is the most popular protocol for interfacing with smart devices, wearables, and medical equipment. This contribution surveys the key security issues in the BLE protocol and discusses a possible architecture for BLE man-in-the-middle (MitM) attacks, together with the equipment it requires. After introducing some of the available tools for attacking BLE, a case study based on their use is presented, describing a MitM attack between a Bluetooth Smart device and its companion mobile app. The case study illustrates how easily an attacker within radio range of the target can control the data exchanged and, in some instances, even the mobile device itself, once it is connected to a BLE device.