Abstract
Bluetooth devices have integrated into our everyday lives such that we see an increase in wearable technologies. Users of these devices are often unaware of the security vulnerabilities that come with the use of Bluetooth. To this aid, we provide a comprehensive analysis of the security attacks and ways for users to mitigate these attacks focusing on Bluetooth technologies by reviewing prior literature. Here we analyze \(N = 48\) peer-reviewed academic articles published in ACM and IEEE Digital Libraries. We investigate Bluetooth-specific attacks such as BlueSnarfing, Man-in-the-Middle for wearable technologies, MAC Address Spoofing, BLE-specific attacks, and others. Additionally, we analyze the papers detailing the malware targeting Bluetooth devices and compare our results with previous 15 prior systematization of knowledge (SoK) papers on Bluetooth attacks and mitigation measures. Additionally, in our review, we also provide a detailed analysis of the suggested mitigating measures, which include removing, repairing, or deleting access to devices that are no longer in use, utilizing Personal Identification Number (PIN) for user authentication, and other solutions. Thereafter, we conclude by providing actionable recommendations focused on wearable technology users.
Esa Irby and Raghav Thapa contributed equally in the project, thus they are joint second authors of this paper.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999). https://doi.org/10.1145/322796.322806
Albahar, M.A., Haataja, K., Toivanen, P.: Bluetooth MITM vulnerabilities: a literature review, novel attack scenarios, novel countermeasures, and lessons learned. Int. J. Inf. Technol. Secur. 8(4), 25–49 (2016)
Albazrqaoe, W., Huang, J., **ng, G.: Practical bluetooth traffic sniffing: systems and privacy implications. In: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys 2016, p. 333–345. Association for Computing Machinery, New York (2016)
Albazrqaoe, W., Huang, J., **ng, G.: A practical Bluetooth traffic sniffing system: design, implementation, and countermeasure. IEEE/ACM Trans. Netw. 27(1), 71–84 (2019). https://doi.org/10.1109/TNET.2018.2880970
Alfaiate, J., Fonseca, J.: Bluetooth security analysis for mobile phones. In: 7th Iberian Conference on Information Systems and Technologies (CISTI 2012), pp. 1–6 (2012)
Almiani, M., et al.: Bluetooth application-layer packet-filtering for blueborne attack defending. In: 2019 Fourth International Conference on Fog and Mobile Edge Computing (FMEC), pp. 142–148 (2019). https://doi.org/10.1109/FMEC.2019.8795354
Antonioli, D., Tippenhauer, N.O., Rasmussen, K.: Key negotiation downgrade attacks on Bluetooth and Bluetooth low energy. ACM Trans. Priv. Secur. 23(3), 1–28 (2020). https://doi.org/10.1145/3394497
Arney, T.O.: A literature review on the current state of security and privacy of medical devices and sensors with Bluetooth low energy. Ph.D. thesis, Michigan Technological University (2018)
Bitton, R., Boymgold, K., Puzis, R., Shabtai, A.: Evaluating the information security awareness of smartphone users. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1–13 (2020)
Bouhenguel, R., Mahgoub, I., Ilyas, M.: Bluetooth security in wearable computing applications. In: 2008 International Symposium on High Capacity Optical Networks and Enabling Technologies, pp. 182–186 (2008). https://doi.org/10.1109/HONET.2008.4810232
Carettoni, L., Merloni, C., Zanero, S.: Studying Bluetooth malware propagation: the bluebag project. IEEE Secur. Priv. 5(2), 17–25 (2007). https://doi.org/10.1109/MSP.2007.43
Classen, J., Hollick, M.: Happy MitM: fun and toys in every Bluetooth device. In: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2021, pp. 72–77. Association for Computing Machinery, New York (2021). https://doi.org/10.1145/3448300.3467822
Cope, P., Campbell, J., Hayajneh, T.: An investigation of Bluetooth security vulnerabilities. In: 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), pp. 1–7 (2017). https://doi.org/10.1109/CCWC.2017.7868416
Das, S., Kim, A., Tingle, Z., Nippert-Eng, C.: All about phishing exploring user research through a systematic literature review. In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) (2019)
Das, S., Wang, B., Tingle, Z., Camp, L.J.: Evaluating user perception of multi-factor authentication: a systematic review. In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) (2019)
Dell, P., Ghori, K.S.H.: A simple way to improve the security of Bluetooth devices. In: 2008 International Symposium on Applications and the Internet, pp. 444–447 (2008). https://doi.org/10.1109/SAINT.2008.39
Dunning, J.: Taming the blue beast: a survey of Bluetooth based threats. IEEE Secur. Priv. 8(2), 20–27 (2010). https://doi.org/10.1109/MSP.2010.3
Ficco, M., D’Arienzo, M., D’Angelo, G.: A Bluetooth infrastructure for automatic services access in ubiquitous and nomadic computing environments. In: Proceedings of the 5th ACM International Workshop on Mobility Management and Wireless Access, pp. 17–24. Association for Computing Machinery, New York (2007). https://doi.org/10.1145/1298091.1298095
Ghallali, M., El Ouadghiri, D., Essaaidi, M., Boulmalf, M.: Mobile phones security: the spread of malware via MMS and Bluetooth, prevention methods. In: Proceedings of the 9th International Conference on Advances in Mobile Computing and Multimedia, pp. 256–259 (2011)
Ghori, M.R., Wan, T.C., Anbar, M., Sodhy, G.C., Rizwan, A.: Review on security in Bluetooth low energy mesh network in correlation with wireless mesh network security. In: 2019 IEEE Student Conference on Research and Development (SCOReD), pp. 219–224. IEEE (2019)
Grace, P., Surridge, M.: Towards a model of user-centered privacy preservation. In: Proceedings of the 12th International Conference on Availability, Reliability and Security, ARES 2017. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3098954.3104054
Guo, Z., Harris, I.G., Jiang, Y., Tsaur, L.: An efficient approach to prevent battery exhaustion attack on BLE-based mesh networks. In: 2017 International Conference on Computing, Networking and Communications (ICNC), pp. 1–5 (2017). https://doi.org/10.1109/ICCNC.2017.7876092
Haataja, K., Hyppönen, K., Pasanen, S., Toivanen, P.: MITM attacks on Bluetooth. In: Haataja, K., Hyppönen, K., Pasanen, S., Toivanen, P. (eds.) Bluetooth Security Attacks. BRIEFSCOMPUTER, pp. 61–70. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40646-1_5
Haataja, K., Hypponen, K., Toivanen, P.: Ten years of Bluetooth security attacks: lessons learned. Computer Science I Like, p. 45 (2011)
Haataja, K.M.J.: New efficient intrusion detection and prevention system for Bluetooth networks. In: Proceedings of the 1st International Conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications, MOBILWARE 2008. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), Brussels (2008)
Hager, C.T., Midkiff, S.F.: An analysis of Bluetooth security vulnerabilities. In: 2003 IEEE Wireless Communications and Networking, WCNC 2003, vol. 3, pp. 1825–1831 (2003). https://doi.org/10.1109/WCNC.2003.1200664
Hale, M.L., Lotfy, K., Gamble, R.F., Walter, C., Lin, J.: Develo** a platform to evaluate and assess the security of wearable devices. Digit. Commun. Netw. 5(3), 147–159 (2019)
Hassan, S.S., Bibon, S.D., Hossain, M.S., Atiquzzaman, M.: Security threats in Bluetooth technology. Comput. Secur. 74, 308–322 (2018)
Heinze, D., Classen, J., Rohrbach, F.: MagicPairing: Apple’s take on securing Bluetooth peripherals. In: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 111–121 (2020)
Hunt, R.: Emerging wireless personal area networks (WPANs): - an analysis of techniques, tools and threats. In: 2012 18th IEEE International Conference on Networks (ICON), pp. 274–279 (2012). https://doi.org/10.1109/ICON.2012.6506569
Jamaluddin, J., Zotou, N., Edwards, R., Coulton, P.: Mobile phone vulnerabilities: a new generation of malware. In: 2004 IEEE International Symposium on Consumer Electronics, pp. 199–202 (2004). https://doi.org/10.1109/ISCE.2004.1375935
Jonsson, H., Olsson, C.M.: User privacy attitudes regarding proximity sensing. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3230833.3233270
Karim, I., Cicala, F., Hussain, S.R., Chowdhury, O., Bertino, E.: Opening Pandora’s box through ATFuzzer: dynamic analysis of at interface for Android smartphones. In: Proceedings of the 35th Annual Computer Security Applications Conference, pp. 529–543 (2019)
Karim, I., Cicala, F., Hussain, S.R., Chowdhury, O., Bertino, E.: ATFuzzer: dynamic analysis framework of AT interface for Android smartphones. Digit. Threats Res. Pract. 1(4), 1–29 (2020)
Kaur, S.: How to secure our Bluetooth insecure world! Pushing frontiers with the first lady of emerging technologies. IETE Tech. Rev. 30(2), 95–101 (2013)
Kennedy, T., Hunt, R.: A review of WPAN security: attacks and prevention. In: Proceedings of the International Conference on Mobile Technology, Applications, and Systems, Mobility 2008. Association for Computing Machinery, New York (2008). https://doi.org/10.1145/1506270.1506342
Lee, H., Choi, K., Chung, K., Kim, J., Yim, K.: Fuzzing can packets into automobiles. In: 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, pp. 817–821 (2015). https://doi.org/10.1109/AINA.2015.274
Lonzetta, A.M., Cope, P., Campbell, J., Mohd, B.J., Hayajneh, T.: Security vulnerabilities in Bluetooth technology as used in IoT. J. Sens. Actuator Netw. 7(3), 28 (2018)
Jones, J.M., Duezguen, R., Mayer, P., Volkamer, M., Das, S.: A literature review on virtual reality authentication. In: Furnell, S., Clarke, N. (eds.) HAISA 2021. IAICT, vol. 613, pp. 189–198. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81111-2_16
Majumdar, R., Das, S.: SoK: an evaluation of quantum authentication through systematic literature review. In: Proceedings of the Workshop on Usable Security and Privacy (USEC) (2021)
Mantz, D., Classen, J., Schulz, M., Hollick, M.: InternalBlue-Bluetooth binary patching and experimentation framework. In: Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services, pp. 79–90 (2019)
Minar, N.B.N.I., Tarique, M.: Bluetooth security threats and solutions: a survey. Int. J. Distrib. Parallel Syst. 3(1), 127 (2012)
Noah, N., Das, S.: Exploring evolution of augmented and virtual reality education space in 2020 through systematic literature review. Comput. Animation Virtual Worlds 32(3–4), e2020 (2021)
O’Connor, T.J., Sangster, B.: HoneyM: a framework for implementing virtual honeyclients for mobile devices. In: Proceedings of the Third ACM Conference on Wireless Network Security, WiSec 2010, pp. 129–138. Association for Computing Machinery, New York (2010). https://doi.org/10.1145/1741866.1741888
Oliff, W., Filippoupolitis, A., Loukas, G.: Evaluating the impact of malicious spoofing attacks on Bluetooth low energy based occupancy detection systems. In: 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA), pp. 379–385. IEEE (2017)
Oliff, W., Filippoupolitis, A., Loukas, G.: Impact evaluation and detection of malicious spoofing attacks on BLE based occupancy detection systems. In: Proceedings of the 1st International Conference on Internet of Things and Machine Learning, IML 2017. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3109761.3109776
Pallavi, S., Narayanan, V.A.: An overview of practical attacks on BLE based IoT devices and their security. In: 2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS), pp. 694–698. IEEE (2019)
Panigrahy, S.K., Jena, S.K., Turuk, A.K.: Security in Bluetooth, RFID and wireless sensor networks. In: Proceedings of the 2011 International Conference on Communication, Computing & Security, pp. 628–633 (2011)
Panse, T., Panse, P.: A survey on security threats and vulnerability attacks on Bluetooth communication. Int. J. Comput. Sci. Inf. Technol. 4(5), 741–746 (2013)
Peters, T., Lal, R., Varadarajan, S., Pappachan, P., Kotz, D.: BASTION-SGX: Bluetooth and architectural support for trusted I/O on SGX. In: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3214292.3214295
Podhradsky, A.L., Casey, C., Ceretti, P.: The Bluetooth honeypot project. In: Wireless Telecommunications Symposium 2012, pp. 1–10 (2012). https://doi.org/10.1109/WTS.2012.6266078
Qu, Y., Chan, P.: Assessing vulnerabilities in Bluetooth low energy (BLE) wireless network based IoT systems. In: 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), pp. 42–48 (2016). https://doi.org/10.1109/BigDataSecurity-HPSC-IDS.2016.63
Ray, A., Raj, V., Oriol, M., Monot, A., Obermeier, S.: Bluetooth low energy devices security testing framework. In: 2018 IEEE 11th International Conference on Software Testing, Verification and Validation (ICST), pp. 384–393 (2018). https://doi.org/10.1109/ICST.2018.00045
Rijah, U.M., Mosharani, S., Amuthapriya, S., Mufthas, M., Hezretov, M., Dhammearatchi, D.: Bluetooth security analysis and solution. Int. J. Sci. Res. Publ. 6(4), 333–338 (2016)
Saltzstein, W.: Bluetooth wireless technology cybersecurity and diabetes technology devices. J. Diabetes Sci. Technol. 14(6), 1111–1115 (2020)
Sandhya, S., Devi, K.S.: Contention for man-in-the-middle attacks in Bluetooth networks. In: 2012 Fourth International Conference on Computational Intelligence and Communication Networks, pp. 700–703. IEEE (2012)
Sethi, M., Peltonen, A., Aura, T.: Misbinding attacks on secure device pairing and bootstrap**. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 453–464. Association for Computing Machinery, New York (2019)
Shaked, Y., Wool, A.: Cracking the Bluetooth pin. In: Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services, pp. 39–50. Association for Computing Machinery, New York (2005)
Singelée, D., Preneel, B.: Location privacy in wireless personal area networks. In: Proceedings of the 5th ACM Workshop on Wireless Security, pp. 11–18 (2006)
Snader, R., Kravets, R., Harris, A.F.: CryptoCoP: lightweight, energy-efficient encryption and privacy for wearable devices. In: Proceedings of the 2016 Workshop on Wearable Systems and Applications, WearSys 2016, pp. 7–12. Association for Computing Machinery, New York (2016). https://doi.org/10.1145/2935643.2935647
Stowell, E., et al.: Designing and evaluating mHealth interventions for vulnerable populations: a systematic review. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–17 (2018)
Streiff, J., Das, S., Cannon, J.: Overpowered and underprotected toys empowering parents with tools to protect their children. In: 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC), pp. 322–329 (2019). https://doi.org/10.1109/CIC48465.2019.00045
Su, J., et al.: A preliminary investigation of worm infections in a Bluetooth environment. In: Proceedings of the 4th ACM Workshop on Recurring Malcode, pp. 9–16. Association for Computing Machinery, New York (2006)
Sun, D.Z., Mu, Y., Susilo, W.: Man-in-the-middle attacks on secure simple pairing in Bluetooth standard V5.0 and its countermeasure. Pers. Ubiquit. Comput. 22(1), 55–67 (2018). https://doi.org/10.1007/s00779-017-1081-6
Tan, M., Masagca, K.A.: An investigation of Bluetooth security threats. In: 2011 International Conference on Information Science and Applications, pp. 1–7. IEEE (2011)
Velez, D., Shanblatt, M.: Taxonomy of current medical devices for POCT applications and the potential acceptance of Bluetooth technology for secure interoperable applications. In: 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, pp. 288–295 (2011). https://doi.org/10.1109/HEALTH.2011.6026767
Walter, C., Hale, M.L., Gamble, R.F.: Imposing security awareness on wearables. In: Proceedings of the 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems, SEsCPS 2016, pp. 29–35. Association for Computing Machinery, New York (2016). https://doi.org/10.1145/2897035.2897038
Wang, J., Hu, F., Zhou, Y., Liu, Y., Zhang, H., Liu, Z.: BlueDoor: breaking the secure information flow via BLE vulnerability. In: Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services, MobiSys 2020, pp. 286–298. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3386901.3389025
Willingham, T., Henderson, C., Kiel, B., Haque, M.S., Atkison, T.: Testing vulnerabilities in Bluetooth low energy. In: Proceedings of the ACMSE 2018 Conference, ACMSE 2018. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3190645.3190693
Woodhouse, S.: Information security: end user behavior and corporate culture. In: 7th IEEE International Conference on Computer and Information Technology (CIT 2007), pp. 767–774 (2007). https://doi.org/10.1109/CIT.2007.186
Yamamoto, D., Tanaka, R., Kajioka, S., Matsuo, H., Takahashi, N.: Global map matching using BLE beacons for indoor route and stay estimation. In: Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems, SIGSPATIAL 2018, pp. 309–318. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3274895.3274918
Yan, G., Eidenbenz, S.: Bluetooth worms: models, dynamics, and defense implications. In: 2006 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 245–256 (2006). https://doi.org/10.1109/ACSAC.2006.18
Yan, Z., et al.: Finding the weakest links in the weakest link: how well do undergraduate students make cybersecurity judgment? Comput. Hum. Behav. 84, 375–382 (2018). https://doi.org/10.1016/j.chb.2018.02.019. https://www.sciencedirect.com/science/article/pii/S0747563218300773
Yaseen, M., et al.: MARC: a novel framework for detecting MITM attacks in eHealthcare BLE systems. J. Med. Syst. 43(11), 1–18 (2019). https://doi.org/10.1007/s10916-019-1440-0
Zubair, M., Unal, D., Al-Ali, A., Shikfa, A.: Exploiting Bluetooth vulnerabilities in e-health IoT devices. In: Proceedings of the 3rd International Conference on Future Networks and Distributed Systems. Association for Computing Machinery, New York (2019)
Acknowledgement
We would like to acknowledge the Inclusive Security and Privacy-focused Innovative Research in Information Technology: InSPIRIT lab at the University of Denver. We would also like to thank Lucas McLeod for their initial contribution on the editing of the paper. Any opinions, findings, and conclusions or recommendations expressed in this material are solely those of the authors and do not necessarily reflect the views of the University of Denver.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Shrestha, S., Irby, E., Thapa, R., Das, S. (2022). SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation Measures. In: Meng, W., Katsikas, S.K. (eds) Emerging Information Security and Applications. EISA 2021. Communications in Computer and Information Science, vol 1403. Springer, Cham. https://doi.org/10.1007/978-3-030-93956-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-93956-4_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93955-7
Online ISBN: 978-3-030-93956-4
eBook Packages: Computer ScienceComputer Science (R0)