Cyber Security Academy · Lesson

Bluetooth and BLE Attacks

Sniffing and abusing Bluetooth devices.

The Bluetooth Attack Surface

Bluetooth is everywhere: headsets, locks, medical devices, fitness trackers, car infotainment, and industrial sensors. Two distinct technologies share the brand:

  • Bluetooth Classic (BR/EDR) — higher throughput, used for audio and file transfer.
  • Bluetooth Low Energy (BLE) — low power, used by IoT, wearables, and smart locks.

They differ in radio behavior, pairing, and protocol stacks, so attacks against one rarely apply to the other. BLE dominates IoT and is the focus of most modern assessments because of how often it is deployed insecurely.

How BLE Communicates

BLE operates in the 2.4 GHz band across 40 channels. Three of them (37, 38, 39) are advertising channels used for discovery; the remaining 37 are data channels used once a connection has been established.

The core data model is GATT (Generic Attribute Profile):

  • Services group related functionality.
  • Characteristics are individual data points you can read, write, or subscribe to.
  • Each service and characteristic is identified by a UUID (16-bit for standard ones, 128-bit for vendor-defined ones) and addressed by a 16-bit attribute handle.

Enumerating the GATT table reveals exactly what a device exposes, which is the heart of BLE assessment.
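GATT enumeration is built from two ATT responses: Read By Group Type (primary services) and Read By Type (characteristic declarations). The decoder below is an added example, not code from the course; the PDU layouts follow the Bluetooth Core Specification, and the sample bytes are constructed rather than captured from a real device. Flagging writable characteristics is the reviewer's first pass over an exposed attribute table.

```python
# Added example: decode the two ATT responses that GATT enumeration relies on.
# PDU layouts follow the Bluetooth Core Spec (ATT); sample bytes are constructed.
import struct

# Property bits carried in a characteristic declaration value.
PROPS = {0x01: "broadcast", 0x02: "read", 0x04: "write-no-rsp", 0x08: "write",
         0x10: "notify", 0x20: "indicate", 0x40: "signed-write", 0x80: "ext-props"}

def _uuid(raw: bytes) -> str:
    """Format a little-endian 16-bit or 128-bit UUID as a string."""
    if len(raw) == 2:
        return "0x%04X" % struct.unpack("<H", raw)[0]
    return raw[::-1].hex()

def parse_services(pdu: bytes) -> list:
    """ATT Read By Group Type Response (opcode 0x11): primary service ranges."""
    if pdu[0] != 0x11:
        raise ValueError("not a Read By Group Type Response")
    entry_len = pdu[1]          # 6 for 16-bit UUIDs, 20 for 128-bit UUIDs
    out = []
    for i in range(2, len(pdu), entry_len):
        e = pdu[i:i + entry_len]
        start, end = struct.unpack("<HH", e[:4])
        out.append({"start": start, "end": end, "uuid": _uuid(e[4:])})
    return out

def parse_characteristics(pdu: bytes) -> list:
    """ATT Read By Type Response (opcode 0x09) carrying characteristic declarations."""
    if pdu[0] != 0x09:
        raise ValueError("not a Read By Type Response")
    entry_len = pdu[1]          # 7 for 16-bit UUIDs, 21 for 128-bit UUIDs
    out = []
    for i in range(2, len(pdu), entry_len):
        e = pdu[i:i + entry_len]
        decl_handle, props, value_handle = struct.unpack("<HBH", e[:5])
        out.append({"decl": decl_handle, "value": value_handle, "uuid": _uuid(e[5:]),
                    "props": [name for bit, name in PROPS.items() if props & bit]})
    return out

def writable(chars: list) -> list:
    """Characteristics a connected peer may write: review their access control first."""
    return [c for c in chars if "write" in c["props"] or "write-no-rsp" in c["props"]]

# Constructed sample: Generic Access (0x1800, handles 1-5) and Battery (0x180F, 6-9).
SERVICES = bytes([0x11, 0x06, 0x01, 0x00, 0x05, 0x00, 0x00, 0x18,
                  0x06, 0x00, 0x09, 0x00, 0x0F, 0x18])
# Constructed sample: read-only Device Name (0x2A00) and a read/write vendor char (0xFFF1).
CHARS = bytes([0x09, 0x07, 0x02, 0x00, 0x02, 0x03, 0x00, 0x00, 0x2A,
               0x07, 0x00, 0x0A, 0x08, 0x00, 0xF1, 0xFF])
```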
