A comprehensive survey on Security and Privacy threats of Bluetooth Low Energy in IoT and Wearable devices

Image credit: Unsplash


Bluetooth Low Energy (BLE) has become the de facto communication protocol for Internet of Things (IoT) and smart wearable devices for its ultra-low energy consummation, ease of development, good enough network coverage, and data transfer speed. Due to the simplified design of this protocol, there have been lots of security and privacy vulnerabilities. As billions of health care, personal fitness wearable, smart lock, industrial automation devices adopt this technology for communication, its vulnerabilities should be dealt with high priority. Some segregated works on BLE were performed focusing various vulnerabilities, such as the insecure implementation of encryption, device authentication, user privacy, etc. However, there has been no comprehensive survey on the security vulnerabilities of this protocol. In this survey paper, we have presented a complete taxonomy of security and privacy issues of BLE. We have presented possible attack scenarios for different types of vulnerabilities, classified them according to their severity, and listed possible mitigation techniques. We have also provided case studies of these exploits on real BLE devices. Thus, we provide a complete manual of BLE security architecture for researchers, developers, and practitioners who are interested in contributing to improve this protocol. Our survey work highlights the importance of developing secured privacy preserved, feature-rich smart wearable, and IoT devices that will enrich our lives.

Journal of Source Themes, 1(1)
Click the Cite button above to demo the feature to enable visitors to import publication metadata into their reference management software.
Click the Slides button above to demo Academic’s Markdown slides feature.

Supplementary notes can be added here, including code and math.

Md Abdullah Al Alamin
Md Abdullah Al Alamin
Graduate Research Assistant

My research interests include Software Engineering, Software Security, Adversarial Machine Learning.