Although IoT is already embedded in our everyday lives, our security and privacy are sometime left behind for comfort and other reasons, despite the serious impact that IoT vulnerabilities may have on our digital and physical security.
Bluetooth Low Energy (BLE), also known as Bluetooth Smart is the most popular protocol used for interfacing IoT and smart devices. Broadly used in the healthcare, fitness, security, and home-entertainment industries, nowadays we encounter BLE in almost every aspect of our lives (e.g. in wearables, sensors, medical devices, security products, etc.).
In this lecture I will survey key security issues in the BLE protocol, as well as presenting a possible architecture for BLE Man-in-the-Middle (MitM) attack together with the related necessary equipment. In addition, will introduce some of the available tools and how they can be used to perform penetration-testing on BLE applications and will discuss possible mitigations to secure them.