Explore a 24-minute conference talk from USENIX Security '16 that delves into the privacy vulnerabilities of Bluetooth Low Energy (BLE) devices and presents an innovative solution. Discover how researchers from the University of Michigan and Hewlett Packard Labs uncovered surprising flaws in the BLE protocol's privacy provisions, exposing devices to potential threats such as user profiling, behavior tracking, and exploitation of known vulnerabilities. Learn about BLE-Guardian, a device-agnostic system designed to protect user privacy by controlling device discovery, scanning, and connection. Gain insights into the implementation of BLE-Guardian using off-the-shelf hardware and its effectiveness in safeguarding user privacy with minimal overhead. Follow the presentation's structure, covering BLE fundamentals, privacy concerns, research questions, and the proposed solution, concluding with an evaluation of the system's performance.
Overview
Syllabus
Intro
What is Bluetooth Low Energy?
BLE Primer
BLE Advertisements
BLE Security and Privacy
BLE Privacy & Security Effectiveness
Research Questions
BLE-Guardian
High-level Description
Device Hiding
Access Control
Evaluation
Conclusion
Taught by
USENIX