Abstract
Since its inception in 2013, Bluetooth Low Energy (BLE) has become the standard for short-distance wireless communication in many consumer devices, as well as special-purpose devices. In this study, we analyze the security features available in Bluetooth LE standards and evaluate the features implemented in two BLE wearable devices (a Fitbit heart rate wristband and a Polar heart rate chest wearable) and a BLE keyboard to explore which security features in the BLE standards are implemented in the devices. In this study, we used the ComProbe Bluetooth Protocol Analyzer, along with the ComProbe software to capture the BLE traffic of these three devices. We found that even though the standards provide security mechanisms, because the Bluetooth Special Interest Group does not require that manufacturers fully comply with the standards, some manufacturers fail to implement proper security mechanisms. The circumvention of security in Bluetooth devices could leak private data that could be exploited by rogue actors/hackers, thus creating security, privacy, and, possibly, safety issues for consumers and the public. We propose the design of a Bluetooth Security Facts Label (BSFL) to be included on a Bluetooth/BLE enabled device’s commercial packaging and conclude that there should be better mechanisms for informing users about the security and privacy provisions of the devices they acquire and use and to educate the public on protection of their privacy when buying a connected device.
Highlights
Bluetooth LE (Low Energy), otherwise known as Bluetooth Smart, has seen widespread adoption in various technological fields since its release in 2010
Because the Bluetooth Low Energy (BLE) devices attempt to be compatible when connecting, they may use the lowest set of Bluetooth security features available between both devices, even though advance Bluetooth security features may be available to one device, these advanced features may not be used during a connection
We conducted a study of the Bluetooth Low Energy security features of two heart rate consumer wearables, namely a Fitbit Charge and a Polar H7 wearable, and a BLE Bluebyte keyboard
Summary
Bluetooth LE (Low Energy), otherwise known as Bluetooth Smart, has seen widespread adoption in various technological fields since its release in 2010. From Apple Watches to heart rate sensors, Bluetooth LE serves as a communication technology with a low energy consumption cost. LE community, have become commonplace [1]. Bluetooth LE is used for occupancy tracking in office spaces [2], emergency management in buildings [3], smart energy management [4], and many other applications [5]. LE technology (including smart phones and other wearables), questions of its security arise. Considering the type of data that can be transmitted between Low Energy devices, which can range from heartbeats to geolocation data, security and privacy concerns must be considered when acquiring a BLE device
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
