Bluetooth Low Energy: The IoT battle
Bluetooth Low Energy (BLE) is a wireless protocol designed to consume very little power. BLE networking is somewhat different to other known protocols built on top of TCP/IP. Today, BLE is implemented in many devices that require networking capabilities but are very constrained in energy consumption. The most well-known example of BLE-enabled devices are fitness trackers. These use their BLE interface to send fitness activity-related data to a BLE-enabled smartphone. However, BLE is also being implemented in more sensitive devices such as baby monitors, smartlocks, biometric authentication systems and health management devices. It is therefore necessary to understand the security implications and risks of using BLE as a means to communicate with other devices. This article provides a set of security guidelines, tools and considerations for anyone within an organisation who is considering acquiring or implementing BLE-enabled devices. Our guidelines cover a wide range of responsibilities, from the product manager to the most security-related, the penetration tester.