A Robust Algorithm for Sniffing BLE Long-Lived Connections in Real-time
This paper addresses security and privacy vulnerabilities in BLE-embedded IoT devices, though it is incremental, as it builds on existing sniffing methods.
The paper tackles the problem of sniffing Bluetooth Low Energy (BLE) long-lived connections, which existing attacks fail to handle, by developing real-time algorithms that achieve over 80% sniffing accuracy and better stability compared to state-of-the-art schemes.
Bluetooth Low Energy (BLE) has become an intrinsic wireless technology for the Internet of Things (IoT). With the proliferation of BLE-embedded IoT devices, it is important to study the security and privacy implications of BLE. The forefront attack on BLE devices is the wireless sniffing attack, which can lead to more detrimental threats such as jamming, encryption cracking or system penetration. Existing sniffing attacks are based on the correct detection of the BLE connection initiation state, but they become ineffective for BLE long-lived connections. In this paper, we focus on the adversary setting with a low-cost single radio and develop a suite of real-time algorithms to determine the key parameters necessary to follow and sniff a BLE connection in the connected state. We implement our algorithms on the open-source platform Ubertooth One and evaluate their performance in terms of sniffing overhead and accuracy. Compared with state-of-the-art schemes, experimental results show that our sniffer achieves much higher sniffing accuracy (over 80%) and better stability under BLE operational dynamics.