Over the last two years or so, a large number of research papers and presentations on security flaws in BLE
devices have come out. By far the most prevalent attacks against BLE involve capturing handshakes, exploiting hard-coded keys and replaying traffic.
However, these papers and presentations take the offensive side of the subject, describing different attacks on various devices.
Is it possible to detect such attacks and, if so, how can they be stopped? How can the risk of such attacks be mitigated when vendors are often careless about security when implementing BLE stacks? How can users and their devices be protected when the BLE protocol fails to do so?
This paper approaches the subject from the defensive angle, presenting different attack models and focusing not only on the victim’s security flaws but also on the attacker’s shortcomings. The paper presents ways of detecting various attacks in real time and ultimately describes a new technique aimed at providing a generic defense against MITM and DoS attacks.