RE: Vulnerability Assessment and Penetration Testing for BLE devices

bjorn-spockeli — Thu, 02 Jan 2020 08:51:30 GMT

Hi Riyaz,

Apologies for the late reply, we're a bit short staffed during the holidays.

[quote user=""]1. Is BLE recommended for Industry 4.0 best practices? If yes, is it documented somewhere?[/quote]

Yes, Bluetooth 5.0 and Bluetooth Mesh allows for more robust connections, longer range as well as the possibility of connecting thousands of BLE devices in mesh networks for large scale sensor data acquisition and control applicaitons.

https://ieeexplore.ieee.org/document/8869211

https://www.bluetooth.com/news/bluetooth-5-and-bluetooth-mesh-enabling-use-cases-for-industry-4-0/

[quote user=""]2. Is the Bluetooth Network Penetrable? [/quote]

Bluetooth Low Energy uses AES-128 encryption with a key size up to 16-bytes, which is adopted by the U.S. government and is now used worldwide.

Since Bluetooth 4.2 its possible to use LE Secure connections which employs the Diffie-Hellmann Key exchange to securely exchange encryption keys with out risking man-in-the-middle attacks, see https://www.bluetooth.com/blog/bluetooth-pairing-part-4/

Using a 16-byte key size in addition to LE Secure Connections it will not be possible for an attacker to decrypt the transmitted data.

The Bluetooth Special Interest Group will release Security notices for any known vulnerabilities and their fixes, see https://www.bluetooth.com/security/

[quote user=""]3. Do we have a VAPT (Vulnerability Assessment and Penetration Testing) report from any Industry who has implemented BLE?[/quote]

I am afraid we do not have any VAPT report, nor am I aware of any reports from industry.

Best regards

Bjørn