BLE Protocol in IoT Devices and Smart Wearable Devices: Security and Privacy Threats

TL;DR

This paper analyzes security and privacy vulnerabilities in BLE protocols used in IoT and wearable devices, proposing a threat modeling framework and mitigation strategies based on STRIDE to address various attack scenarios.

Contribution

It introduces a comprehensive security analysis framework using STRIDE for IoT-BLE devices and evaluates specific attack scenarios on popular wearable devices.

Findings

Identified multiple attack vectors including spoofing and DoS.

Demonstrated vulnerabilities in popular wearable devices.

Proposed mitigation strategies for BLE security threats.

Abstract

Bluetooth Low Energy (BLE) has become the primary transmission media due to its extremely low energy consumption, good network scope, and data transfer speed for the Internet of Things (IoT) and smart wearable devices. With the exponential boom of the Internet of Things (IoT) and the Bluetooth Low Energy (BLE) connection protocol, a requirement to discover defensive techniques to protect it with practical security analysis. Unfortunately, IoT-BLE is at risk of spoofing assaults where an attacker can pose as a gadget and provide its users a harmful information. Furthermore, due to the simplified strategy of this protocol, there were many security and privacy vulnerabilities. Justifying this quantitative security analysis with STRIDE Methodology change to create a framework to deal with protection issues for the IoT-BLE sensors. Therefore, providing probable attack scenarios for various exposures in this analysis, and offer mitigating strategies. In light of this authors performed STRIDE threat modeling to understand the attack surface for smart wearable devices supporting BLE. The study evaluates different exploitation scenarios Denial of Service (DoS), Elevation of privilege, Information disclosure, spoofing, Tampering, and repudiation on MI Band, One plus Band, Boat Storm smartwatch, and Fire Bolt Invincible.