Bluetooth LE Security
What is Bluetooth LE Security?
The pairing, encryption, and privacy mechanisms defined by the Bluetooth Core Specification for Bluetooth Low Energy devices.
Bluetooth Low Energy (BLE) security is governed by the Bluetooth Core Specification, which defines pairing methods (Just Works, Passkey Entry, Numeric Comparison, Out-of-Band), key generation (LE Legacy Pairing vs LE Secure Connections using ECDH P-256), link encryption (AES-CCM), bonding, and address privacy through resolvable private addresses. Many BLE devices ship with the weakest method (Just Works), which provides encryption but no MITM protection, and accept long-term keys that never rotate, making relay and impersonation attacks practical. Application-layer protocols (GATT) often expose unauthenticated characteristics. Hardening involves LE Secure Connections, MITM-resistant pairing, signed firmware, attribute permissions that require authentication and encryption, and operating-system-level controls such as iOS/Android pairing prompts.
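The pairing-method selection and attribute-permission rules described above, as an added example that is not part of this page: a small Python model of how the Security Manager picks Just Works, Passkey Entry or Numeric Comparison from the two sides' IO capabilities, and of how a GATT write fares against an attribute that does or does not demand an authenticated link (the smart-lock case). The function and constant names are my own; the selection rules follow the Core Specification's IO capability table and the ATT error codes are the specification's.

```python
# Added example, not from the page: model the Security Manager's pairing-method
# selection (Core Spec Vol 3 Part H, section 2.3.5.1) and a simplified ATT
# permission check on a GATT write. Names below are assumptions of this example.

DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY, NO_IO, KEYBOARD_DISPLAY = (
    "DisplayOnly", "DisplayYesNo", "KeyboardOnly", "NoInputNoOutput", "KeyboardDisplay")

# ATT error codes from the Core Specification (Vol 3, Part F).
ATT_INSUFFICIENT_AUTHENTICATION = 0x05
ATT_INSUFFICIENT_ENCRYPTION = 0x0F

UNPAIRED_LINK = {"encrypted": False, "authenticated": False}


def pairing_method(init_io, resp_io, mitm_requested, oob, secure_connections):
    """Pairing method chosen from both sides' IO capabilities and pairing flags.

    mitm_requested: True if either side set the MITM flag in its pairing request.
    oob: True if OOB data is available (either side, for LE Secure Connections).
    """
    if oob:
        return "Out-of-Band"
    if not mitm_requested:
        return "Just Works"          # nobody asked for MITM protection
    ios = {init_io, resp_io}
    if NO_IO in ios:
        return "Just Works"          # one side can neither show nor enter anything
    if KEYBOARD_ONLY in ios:
        return "Passkey Entry"
    if DISPLAY_ONLY in ios:
        return "Passkey Entry" if KEYBOARD_DISPLAY in ios else "Just Works"
    # Both sides are DisplayYesNo or KeyboardDisplay.
    if secure_connections:
        return "Numeric Comparison"
    return "Just Works" if ios == {DISPLAY_YESNO} else "Passkey Entry"


def link_security(method):
    """Security properties of the link key a completed pairing leaves behind."""
    # Just Works encrypts the link but gives no MITM protection, so the key is
    # unauthenticated and cannot satisfy an "authentication required" attribute.
    return {"encrypted": True, "authenticated": method != "Just Works"}


def check_gatt_write(link, requires_encryption, requires_authentication):
    """Simplified ATT server check: the error code a write is rejected with, or None."""
    if requires_authentication and not link["authenticated"]:
        return ATT_INSUFFICIENT_AUTHENTICATION
    if requires_encryption and not link["encrypted"]:
        return ATT_INSUFFICIENT_ENCRYPTION
    return None
```

For a lock with no IO capability, `pairing_method(DISPLAY_YESNO, NO_IO, True, False, True)` yields Just Works, and an unlock characteristic that only requires encryption accepts the write while one that requires authentication rejects it with 0x05.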
● Examples
- 01
A medical sensor pairing with a phone using Numeric Comparison over LE Secure Connections to prevent MITM.
- 02
Researchers showing that a smart lock accepts unauthenticated GATT writes to unlock the door.
● Frequently asked questions
What is Bluetooth LE Security?
The pairing, encryption, and privacy mechanisms defined by the Bluetooth Core Specification for Bluetooth Low Energy devices. It belongs to the OT / ICS / IoT category of cybersecurity.
What does Bluetooth LE Security mean?
The pairing, encryption, and privacy mechanisms defined by the Bluetooth Core Specification for Bluetooth Low Energy devices.
How does Bluetooth LE Security work?
Bluetooth Low Energy (BLE) security is governed by the Bluetooth Core Specification, which defines pairing methods (Just Works, Passkey Entry, Numeric Comparison, Out-of-Band), key generation (LE Legacy Pairing vs LE Secure Connections using ECDH P-256), link encryption (AES-CCM), bonding, and address privacy through resolvable private addresses. Many BLE devices ship with the weakest method (Just Works), which provides encryption but no MITM protection, and accept long-term keys that never rotate, making relay and impersonation attacks practical. Application-layer protocols (GATT) often expose unauthenticated characteristics. Hardening involves LE Secure Connections, MITM-resistant pairing, signed firmware, attribute permissions that require authentication and encryption, and operating-system-level controls such as iOS/Android pairing prompts.
How do you secure Bluetooth LE?
Defences for Bluetooth LE typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Bluetooth LE Security?
Common alternative names include: BLE security, Bluetooth Low Energy security.
● Related terms
- ot-iot № 552
IoT Security
The discipline of protecting Internet-of-Things devices, gateways, networks, and cloud services from compromise, given their scale, constrained resources, and long lifetimes.
- ot-iot № 1267
Zigbee Security
The set of cryptographic and network controls that protect Zigbee mesh networks of low-power IoT devices, based on IEEE 802.15.4 and AES-CCM* keys.
- ot-iot № 634
LoRaWAN Security
The end-to-end key, join, and message-protection model defined by the LoRaWAN specification for low-power wide-area IoT networks.
- attacks № 113
Bluejacking
A largely nuisance-level Bluetooth attack in which an attacker sends unsolicited messages or contacts to nearby discoverable Bluetooth devices.
- attacks № 114
Bluesnarfing
An attack that exploits Bluetooth vulnerabilities to read or copy data — contacts, messages, calendar entries, files — from a nearby device without the owner's consent.
- attacks № 916
Relay Attack
An attack that forwards an authentication exchange in real time between two parties, so the attacker is authenticated without ever knowing the credentials.