Bluetooth Low Energy incorporates device pairing and link-layer encryption. However, significant amount of devices do not implement these features. They either do not provide transmission security at all, or ensure it by own means in application layers. The vendors promise “128-bit military grade encryption” and “unprecedented level of security”, not willing to share technical details. We have seen such declarations before, and many times they did not withstand professional, independent evaluation and turned out to be “snake oil” security. It is about time to verify these claims, what is now possible with the help of our new open-source tool.
Sławomir Jasek Principal IT Security Consultant