Security Assessment of Bluetooth Just Works Pairing Method: Vulnerabilities and Enhancements

Bluetooth Low Energy (BLE) is used by many devices and Internet of Things (IoT) smart applications in numerous fields such as medication, home automation, transportation, and agriculture. It turns classic Bluetooth into a technology that can be integrated into resource-constrained devices that can run for months, sometimes years, on just a coin cell battery. To establish a connection with a peer device, most BLE devices on the market use the Just Works pairing option. Because this mode is so light, application developers and device manufacturers are responsible for security implementation. Unfortunately, because the market will not pay for security, there are many vulnerable smart devices on the market. In this paper, we talk about the Just Works vulnerability in BLE. We conduct a case study on a smart light bulb to intercept the BLE exchanges between two entities. Then, we propose an algorithm that can help to improve the security of the Just Works pairing method.