Testing for Weak Key Management in Bluetooth Low Energy Implementations — José Lopes Esteves, Tristan Claverie
Date : 04 June 2020 à 11:30 — 30 min.
During the last decade, Bluetooth Low Energy has earned a prominent place in the world of connected devices. As a communication protocol, the security of communications is paramount to this standard. Multiple studies have dealt with various problems and types of problems with BLE-enabled devices and it is now a common research subject to IT security researchers. As a result, multiple issues have already been found in the specification, which triggered corrections from the consortium. This paper explains in depth the meaning of communication security in the context of BLE and takes an extensive look at previous research. It then explores the topic of Key Management in BLE implementations and finds some problems when recommendations from the specification aren't followed. It discusses the possibility to test implementation in a black-box fashion to detect those problems and finally discusses the results from test campaigns.