An Active Man-In-The-Middle Attack on Bluetooth Smart Devices


Tal Melamed 

Tech Leader, AppSec Labs, Israel

1 February 2018



In recent years, the Internet of Things (IoT) has become an integral part of our lives, and its influence is expected to increase exponentially in the years ahead. For several reasons, however, the development of IoT has not gone hand in hand with an adequate reinforcement and consolidation of our security and privacy, despite the serious impact that IoT vulnerabilities may have on our digital and physical security. Bluetooth Low Energy (BLE), also known as Bluetooth Smart, is the most popular protocol for interfacing smart devices, wearables, and medical equipment. This contribution surveys the key security issues in the BLE protocol and discusses a possible architecture for BLE Man-in-the-Middle (MitM) attacks, together with the equipment such an attack requires. In addition, after introducing some of the available tools for hacking BLE, a case study based on their use is presented, describing a MitM attack between a Bluetooth Smart device and its designated mobile app. The case study exemplifies how easily, given the required proximity to the target, an attacker can control the data and, in some instances, even the mobile device itself, when it is connected to a BLE device.


BLE security, Bluetooth Low Energy, Bluetooth Smart, IoT security

