Security Vulnerabilities in Bluetooth Technology as Used in IoT

Bluetooth technology is a key component of wireless communications. It provides a low-energy and low-cost solution for short-range radio transmissions. Bluetooth, more specifically Bluetooth Low Energy (BLE) has become the predominant technology for connecting IoT (Internet of Things). It can be found in cell phones, headsets, speakers, printers, keyboards, automobiles, children’s toys, and medical devices, as well as many other devices. The technology can also be found in automated smart homes, to provide monitors and controls for lights, thermostats, door locks, appliances, security systems, and cameras. Bluetooth offers convenience and ease of use, but it lacks a centralized security infrastructure. As a result, it has serious security vulnerabilities, and the need for awareness of the security risks are increasing as the technology becomes more widespread. This paper presents an overview of Bluetooth technology in IoT including its security, vulnerabilities, threats, and risk mitigation solutions, as well as real-life examples of exploits. Our study highlights the importance of understanding attack risks and mitigation techniques involved with using Bluetooth technology on our devices. Real-life examples of recent Bluetooth exploits are presented. Several recommended security measures are discussed to secure Bluetooth communication.

[1]  Chatschik Bisdikian,et al.  An overview of the Bluetooth wireless technology , 2001, IEEE Commun. Mag..

[2]  Karen A. Scarfone,et al.  Guide to Bluetooth Security , 2008 .

[3]  Ong Bi Lynn,et al.  Internet of Things (IoT): Taxonomy of security attacks , 2016, 2016 3rd International Conference on Electronic Design (ICED).

[4]  Tal Melamed An active man-in-the-middle attack on bluetooth smart devices , 2018 .

[5]  Carles Gomez,et al.  Bluetooth Low Energy Mesh Networks: A Survey , 2017, Sensors.

[6]  Athanasios V. Vasilakos,et al.  A survey of wireless technologies coexistence in WBAN: analysis and open research issues , 2014, Wireless Networks.

[7]  Erina Ferro,et al.  Bluetooth and Wi-Fi wireless protocols: a survey and a comparison , 2005, IEEE Wireless Communications.

[8]  Stefano Zanero,et al.  Studying Bluetooth Malware Propagation: The BlueBag Project , 2007, IEEE Security & Privacy.

[9]  Eiji Okamoto,et al.  BlueSnarf Revisited: OBEX FTP Service Directory Traversal , 2011, Networking Workshops.

[10]  Lajos Hanzo,et al.  A Survey on Wireless Security: Technical Challenges, Recent Advances, and Future Trends , 2015, Proceedings of the IEEE.

[11]  Alfred Loo,et al.  Technical opinionSecurity threats of smart phones and Bluetooth , 2009, CACM.

[12]  United Arab Emirates,et al.  BLUETOOTH SECURITY THREATS AND SOLUTIONS : A SURVEY , 2012 .

[13]  Richard Hays,et al.  Blueprinting , 2013, The clinical teacher.

[14]  Sabih H. Gerez Implementation of Digital Signal Processing : Some Background on GFSK Modulation , 2013 .

[15]  Dirk Fox,et al.  Bluetooth Security , 2002, Datenschutz und Datensicherheit.

[16]  Mohammed Atiquzzaman,et al.  Security threats in Bluetooth technology , 2018, Comput. Secur..

[17]  Prof. SamtaGajbhiye,et al.  A NOVEL BLUETOOTH MAN-INTHE-MIDDLE ATTACK BASED ON SSP USING OOB ASSOCIATION MODEL , 2016 .

[18]  Susan Lacefield I CAN HEAR YOU NOW , 2004 .

[19]  Ramiro Jordan,et al.  Wireless communications and networking: an overview , 2002 .

[20]  Sue Price,et al.  Everything you need to know. , 2003, Nursing standard (Royal College of Nursing (Great Britain) : 1987).

[21]  N. Gunasekaran,et al.  Bluetooth in wireless communication , 2002 .

[22]  Avishai Wool,et al.  Cracking the Bluetooth PIN , 2005, MobiSys '05.

[23]  Trishna Panse,et al.  A Survey on Security Threats and Vulnerability attacks on Bluetooth Communication , 2013 .

[24]  Robin Kravets,et al.  Bluetooth Low Energy in Dense IoT Environments , 2016, IEEE Communications Magazine.

[25]  Thaier Hayajneh,et al.  An investigation of Bluetooth security vulnerabilities , 2017, 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC).

[26]  K. Saravanan,et al.  A Novel Bluetooth Man-In-The-Middle Attack Based On SSP using OOB Association model , 2012, ArXiv.

[27]  Jaydip Sen,et al.  Security and Privacy Challenges in Cognitive Wireless Sensor Networks , 2013, ArXiv.