BLE ensuring high safety with low energy?
Despite Bluetooth Low Energy (BLE) gaining ground, the technology has its share of challenges, especially pertaining to security. In this context, examining the evolution of BLE and the challenges it faces becomes vital.
What is BLE?
BLE, or Bluetooth Low Energy, is a wireless personal area network technology, targeted at novel applications in the segment of beacons, healthcare, fitness, security etc. Compared to the classic Bluetooth, it intends to offer considerably reduced cost and power consumption while maintaining a similar communication range.
Market penetration of BLE
Brands and retailers are focusing on beacons and conducting tests for BLE-based applications. Today, the market is flooded with a growing number of BLE devices. To illustrate, roughly more than a billion BLE enabled devices were shipped last year and the figure is estimated to reach 19 billion over the next five years. While Bluetooth penetration is close to 90 per cent in all mobile devices and the integration of BLE is at the initiation stage; it is still expected to get replaced by BLE.
Concerns pertaining to BLE Security
The security concerns associated with BLE include:
- Snooping of traffic
- Hard encoded password or weak credentials
- Password attacks from brute force
In order to ensure that one’s BLE connects and operate securely, the two devices must be paired first. Following the encryption of the connection, keys are shared that are later on used for encryption and message authentication.
The procedure for connecting any two devices is different than that for the two already paired devices. The new connections require searching and retrieving the link key on both the ends. While Bluetooth Low Energy connection includes security features, within the pairing process there is a notable flaw by default. Specifically while pairing, the initial pairing request is sent out encrypted. Thus, one must always remember while designing his implementation that these packets won’t be protected and the same may result as a threat vector for his developed application.