We analyze the security of the BLE link-layer, focusing on the scenario in which two previously-connected devices reconnect. Based on a formal analysis of the reconnection procedure defined by the BLE specification, we highlight two critical security weaknesses in the specification. As a result, even a device implementing the BLE protocol correctly may be vulnerable to spoofing attacks.
To demonstrate these design weaknesses, and further study their security implications, we develop BLE Spoofing Attacks (BLESA). These attacks enable an attacker to impersonate a BLE device and to provide spoofed data to another previously-paired device. BLESA can be easily carried out against some implementations of the BLE protocol, such as the one used in Linux. Additionally, for the BLE stack implementations used by Android and iOS, we found a logic bug enabling BLESA. We reported this security issue to the affected parties (Google and Apple), and they acknowledged our findings.