The applications of the Internet of Things (IoT) are becoming more diverse with the rapid development of wireless technology. Each type of IoT devices has to adopt the appropriate wireless technology in accordance with their application requirements. Among various wireless technologies, Bluetooth Low Energy (BLE) has become one of the most widely used wireless technology for IoT devices due to its low power consumption, low cost and feasibility on applications. BLE is used in many fields, including smart home, healthcare, entertainment and industry, etc.
BLE devices bring convenience to their users but also come with potential cyber security vulnerabilities that the users have to be aware of. Attackers may try to control the device, steal sensitive information from it, execute code remotely, or even cause other substantial damage. In addition, there is privacy concern related to BLE devices which may make the devices being tracked.
To this end, HKCERT recently completed a study on the security of BLE devices. Apart from identifying the types of attacks that such devices are subject to and the corresponding defence methods, it also conducted security analysis on their pairing and encryption, and privacy protection by testing some of them. Through the test results, we hope to illustrate relevant security issues and help to raise security awareness of BLE devices among product developers and general users. The study also introduced useful tips on strengthening the security of BLE devices.