This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Vulnerability Assessment and Penetration Testing for BLE devices

I had an interesting call with the IT security team of a large Fortune 100 company. During our conversation they asked a few questions and I was wondering if someone from Nordic Dev Support can help with the answers

1. Is BLE recommended for Industry 4.0 best practices? If yes, is it documented somewhere?

2. Is the Bluetooth Network Penetrable?

3. Do we have a VAPT (Vulnerability Assessment and Penetration Testing) report from any Industry who has implemented BLE?

I would love it if someone is able to help me with this.

Parents

0 bjorn-spockeli over 5 years ago

Hi Riyaz,

Apologies for the late reply, we're a bit short staffed during the holidays.

1. Is BLE recommended for Industry 4.0 best practices? If yes, is it documented somewhere?

Yes, Bluetooth 5.0 and Bluetooth Mesh allows for more robust connections, longer range as well as the possibility of connecting thousands of BLE devices in mesh networks for large scale sensor data acquisition and control applicaitons.

https://ieeexplore.ieee.org/document/8869211

https://www.bluetooth.com/news/bluetooth-5-and-bluetooth-mesh-enabling-use-cases-for-industry-4-0/

2. Is the Bluetooth Network Penetrable?

Bluetooth Low Energy uses AES-128 encryption with a key size up to 16-bytes, which is adopted by the U.S. government and is now used worldwide.

Since Bluetooth 4.2 its possible to use LE Secure connections which employs the Diffie-Hellmann Key exchange to securely exchange encryption keys with out risking man-in-the-middle attacks, see https://www.bluetooth.com/blog/bluetooth-pairing-part-4/

Using a 16-byte key size in addition to LE Secure Connections it will not be possible for an attacker to decrypt the transmitted data.

The Bluetooth Special Interest Group will release Security notices for any known vulnerabilities and their fixes, see https://www.bluetooth.com/security/

3. Do we have a VAPT (Vulnerability Assessment and Penetration Testing) report from any Industry who has implemented BLE?

I am afraid we do not have any VAPT report, nor am I aware of any reports from industry.

Best regards

Bjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 bjorn-spockeli over 5 years ago

Hi Riyaz,

Apologies for the late reply, we're a bit short staffed during the holidays.

1. Is BLE recommended for Industry 4.0 best practices? If yes, is it documented somewhere?

Yes, Bluetooth 5.0 and Bluetooth Mesh allows for more robust connections, longer range as well as the possibility of connecting thousands of BLE devices in mesh networks for large scale sensor data acquisition and control applicaitons.

https://ieeexplore.ieee.org/document/8869211

https://www.bluetooth.com/news/bluetooth-5-and-bluetooth-mesh-enabling-use-cases-for-industry-4-0/

2. Is the Bluetooth Network Penetrable?

Bluetooth Low Energy uses AES-128 encryption with a key size up to 16-bytes, which is adopted by the U.S. government and is now used worldwide.

Since Bluetooth 4.2 its possible to use LE Secure connections which employs the Diffie-Hellmann Key exchange to securely exchange encryption keys with out risking man-in-the-middle attacks, see https://www.bluetooth.com/blog/bluetooth-pairing-part-4/

Using a 16-byte key size in addition to LE Secure Connections it will not be possible for an attacker to decrypt the transmitted data.

The Bluetooth Special Interest Group will release Security notices for any known vulnerabilities and their fixes, see https://www.bluetooth.com/security/

3. Do we have a VAPT (Vulnerability Assessment and Penetration Testing) report from any Industry who has implemented BLE?

I am afraid we do not have any VAPT report, nor am I aware of any reports from industry.

Best regards

Bjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data