BLE injection-free attack: a novel attack on bluetooth low energy devices

Abstract

Bluetooth low energy (BLE) is a variant of the Bluetooth technology and commonly adopted by internet of things applications designed for devices with limited resources, which results in weak mechanisms of cryptography to create and exchange keys. Some attacks are based on forcing the key renegotiation of paired devices. Existing literature proposes the use of packet injection and even jamming devices to do so. This paper presents a novel technique, called BLE injection-free attack, which aims to force the key renegotiation of devices. This technique exploits properties of the bonding list of devices and its defenses. The BLE injection-free attack enables man-in-the-middle and denial of service attacks to be carried out, depending on the BLE implementation. Our experimental results show that even when the key renegotiation cannot be forced, the functioning of the targeted device is still compromised.