Bluetooth Low Energy

The Bluetooth Low Energy procedures — the descent for this technology step by step, each with its method, field case, known attacks and remediation.

colour = layer of the descent (IG → AP) · id = RFSAM-<PROTOCOL>-<LAYER>-NN · status = VERIFIED (real field case), REVIEWED (cited, illustrative field case), DRAFT (in progress)
RFSAM-BLE-IG-01 · Identify the SoC and host stack, then check the published vulnerability corpus · REVIEWED
RFSAM-BLE-SP-01 · Establish BLE channel map and capture feasibility · REVIEWED
RFSAM-BLE-PHY-01 · Demodulate the air and recover link-layer bits · REVIEWED
RFSAM-BLE-LL-01 · Audit advertising and identifier exposure · REVIEWED
RFSAM-BLE-LL-02 · Capture an established connection's data channel · REVIEWED
RFSAM-BLE-CR-01 · Assess BLE pairing and decrypt weak pairings · VERIFIED
RFSAM-BLE-AT-01 · Live connection hijacking · VERIFIED