Bluetooth Low Energy (BLE) has become the de facto communication protocol for Internet of Things (IoT) and smart wearable devices for its ultra-low energy consummation, ease of development, good enough network coverage, and data transfer speed. Due to the simplified design of this protocol, there have been lots of security and privacy vulnerabilities. As billions of health care, personal fitness wearable, smart lock, industrial automation devices adopt this technology for communication, its vulnerabilities should be dealt with high priority. Some segregated works on BLE were performed focusing various vulnerabilities, such as the insecure implementation of encryption, device authentication, user privacy, etc. However, there has been no comprehensive survey on the security vulnerabilities of this protocol. In this survey paper, we have presented a complete taxonomy of security and privacy issues of BLE. We have presented possible attack scenarios for different types of vulnerabilities, classified them according to their severity, and listed possible mitigation techniques. We have also provided case studies of these exploits on real BLE devices. Thus, we provide a complete manual of BLE security architecture for researchers, developers, and practitioners who are interested in contributing to improve this protocol. Our survey work highlights the importance of developing secured privacy preserved, feature-rich smart wearable, and IoT devices that will enrich our lives.
Supplementary notes can be added here, including code and math.