Security and Privacy Threats for Bluetooth Low Energy in IoT and Wearable Devices: A Comprehensive Survey

Bluetooth Low Energy (BLE) has become the de facto communication protocol for the Internet of Things (IoT) and smart wearable devices for its ultra-low energy consumption, ease of development, good enough network coverage, and data transfer speed. Due to the simplified design of this protocol, there have been lots of security and privacy vulnerabilities. As billions of health care, personal fitness wearable, smart lock, industrial automation devices adopt this technology for communication, its vulnerabilities should be dealt with high priority. Some segregated works on BLE were performed focusing on various vulnerabilities, such as the insecure implementation of encryption, device authentication, user privacy, etc. However, there has been no comprehensive survey on the security vulnerabilities of this protocol. In this survey paper, we present a comprehensive taxonomy for the security and privacy issues of BLE. We present possible attack scenarios for different types of vulnerabilities, classify them according to their severity, and list possible mitigation techniques. We also provide case studies regarding how different vulnerabilities can be exploited in real BLE devices.