Files
Abstract
Bluetooth Low Energy (BLE) is a popular wireless communication technology introduced in Bluetooth 4.0. Devices that leverage this technology include home security systems, medical devices, and similar apparatuses whose integrity is crucial for people’s safety. A vulnerable BLE device can cause user privacy leaks and be a steppingstone toward more severe threats in enterprise environments. This study proposes a BLE sniffer for the enterprise environment to raise an alarm whenever a nearby vulnerable device is detected. The system senses vulnerable devices by sniffing advertising packets and fingerprinting device chip models. Six fitness-tracker device data were used to train two machine learning algorithms targeted to predict chip models based on advertising packet timing and size information inherent to the chip hardware. The results show that detecting vulnerable devices and identifying their specific vulnerabilities based on CVE records is possible, according to the 87.5% accuracy score.