Abstract
Bluetooth low energy (BLE) is a variant of the Bluetooth technology and commonly adopted by internet of things applications designed for devices with limited resources, which results in weak mechanisms of cryptography to create and exchange keys. Some attacks are based on forcing the key renegotiation of paired devices. Existing literature proposes the use of packet injection and even jamming devices to do so. This paper presents a novel technique, called BLE injection-free attack, which aims to force the key renegotiation of devices. This technique exploits properties of the bonding list of devices and its defenses. The BLE injection-free attack enables man-in-the-middle and denial of service attacks to be carried out, depending on the BLE implementation. Our experimental results show that even when the key renegotiation cannot be forced, the functioning of the targeted device is still compromised.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Journal of Ambient Intelligence and Humanized Computing
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
