# A Robust Algorithm for Sniffing BLE Long-Lived Connections in Real-time

**Authors:** Sopan Sarkar, Jianqing Liu, Emil Jovanov

arXiv: 1907.12782 · 2019-07-31

## TL;DR

This paper presents a real-time, robust BLE sniffing algorithm capable of effectively intercepting long-lived BLE connections, addressing limitations of previous methods and enhancing security testing capabilities.

## Contribution

The authors develop a suite of algorithms for real-time BLE connection sniffing that work effectively on low-cost hardware and improve accuracy over existing schemes.

## Key findings

- Achieves over 80% sniffing accuracy
- Demonstrates higher stability to BLE dynamics
- Outperforms state-of-the-art schemes in experiments

## Abstract

Bluetooth Low Energy (BLE) has become an intrinsic wireless technology for the Internet of Things (IoT). With the proliferation of BLE-embedded IoT devices, it is important to study the security and privacy implications of BLE. The forefront attack to BLE devices is the wireless sniffing attack, which would lead to more detrimental threats like jamming, encryption cracking or system penetration. Existing sniffing attacks are based on the correct detection of BLE connection initiation state, but they become ineffective for BLE long-lived connections. In this paper, we focus on the adversary setting with a low-cost single radio and develop a suite of real-time algorithms to determine the key parameters necessary to follow and sniff a BLE connection in the connected state. We implement our algorithms in the open source platform -Ubertooth One and evaluate its performance in terms of sniffing overhead and accuracy. By comparing with state-of-the-art schemes, experimental results show that our sniffer achieves much higher sniffing accuracy (over 80\%) and better stability to BLE operational dynamics.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1907.12782/full.md

## Figures

14 figures with captions in the complete paper: https://tomesphere.com/paper/1907.12782/full.md

## References

23 references — full list in the complete paper: https://tomesphere.com/paper/1907.12782/full.md

---
Source: https://tomesphere.com/paper/1907.12782