A Summary of Bluetooth Attacks

A recent study with the strange title SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth (pdf) provides a comprehensive analysis of the security and privacy issues surrounding Bluetooth technology. Authored by Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi from Purdue University and Simon Fraser University, it explores the evolution of Bluetooth security over 24 years, focusing on both attacks and defences.

The paper begins by summarising the evolution of Bluetooth security features since its first version, discussing the introduction of Bluetooth Low Energy (BLE) and Mesh protocols. It then looks into a systematisation of 76 attacks and 33 defences, categorising them based on their affected layers in the Bluetooth stack, the protocols they target, and their threat models.

Key observations include the increasing number of privacy attacks during the BLE device discovery phase, challenges in pairing security due to user mistakes and a mismatch between the assumptions of Bluetooth specifications and their real-world implementations on modern operating systems. The authors also highlight that while Bluetooth’s security has improved over time, there remain significant gaps in both security and privacy features that need addressing.

The document further explores attacks and defences in detail, divided into different layers of the Bluetooth stack: the physical layer, firmware layer, and host layer. Each layer faces unique challenges, from signal eavesdropping and injection at the physical layer to firmware exploitation and host exploitation attacks. The authors categorise these attacks based on their goals, affected protocol, phase, and attack model, providing a comprehensive overview of the current state of Bluetooth security.

Wireless Quarter Magazine

Nordic Semiconductor, the manufacturer of the System on a Chip (SoC) in most beacons and number one supplier of SoCs for Bluetooth LE solutions, has published the latest online issue of Wireless Quarter Magazine. It showcases the many uses of Nordic SoCs.

The latest issue of the magazine highlights the use of the Nordic SoCs in the following Bluetooth solutions:

  • AirSuite hazardous indoor conditions monitor
  • NNOXX health and fitness performance wearable
  • Wevolver perishable goods transport solution
  • GreaseBoss machinery lubrication management sensor
  • Coral Sense connected construction module using Bluetooth Mesh

There are also in-depth articles on Cellular IoT, how AI and machine learning are transforming IoT, Cellular IoT and DECT NR+, Smart Power Grids and Connected Construction.

Improved RSSI Indoor Localisation Using AI Algorithms

The article titled Improved RSSI Indoor Localization in IoT Systems with Machine Learning Algorithms by Ruvan Abeysekera and Ruvan Abeysekera focuses on enhancing indoor localisation in Internet of Things (IoT) systems using AI machine learning algorithms. The paper addresses the limitations of GPS in indoor environments and explores the use of Bluetooth low-energy (BLE) nodes and Received Signal Strength Indicator (RSSI) values for more accurate localisation.

GPS is ineffective indoors so the paper emphasises the need for alternative methods for indoor localisation, which is crucial for various applications like smart cities, transportation and emergency services.

The study uses machine learning algorithms to process RSSI data collected from Bluetooth nodes in complex indoor environments. Algorithms like K-Nearest Neighbors (KNN), Support Vector Machine (SVM) and Feed Forward Neural Networks (FFNN) are used, achieving accuracies of approximately 85%, 84%, and 76% respectively.

The RSSI data is also processed using techniques like weighted least-squares method and moving average filters. The paper also discusses the importance of hyperparameter tuning in improving the performance of the machine learning models.

The research claims to provide significant advancement in indoor localisation, highlighting the potential of machine learning in overcoming the limitations of traditional GPS-based systems in indoor environments.

How Princess Cruises’ Medallion Revolutionises Hospitality

Princess Cruises has made a significant leap with its Medallion. This innovative device, a Bluetooth beacon, is transforming the cruise experience for passengers and the company.

A Bluetooth Beacon at Sea

The Medallion is a small, wearable device that uses Bluetooth Low Energy (BLE) technology. This beacon interacts seamlessly with sensors placed throughout the ship. As passengers move around the ship, the Medallion’s signal is picked up by these sensors, allowing for a range of interactive and personalised experiences. Unlike classic Bluetooth devices that need to be paired, the Medallion uses Bluetooth LE to work automatically with the ship’s network, offering a hands-free experience.

Enhancing the Passenger Experience

The Medallion has significantly enhanced the cruising experience for passengers. Firstly, it eases the boarding process, making it quicker and more efficient as the medallion is the passenger’s identity. Once on board, it serves as a digital key, unlocking the passenger’s room as they approach.

The Medallion enables the crew to provide a highly personalised service, greeting passengers by name and being aware of their preferences and needs. It also powers an on-board navigation system, helping passengers find their way around the large cruise ships and even locate their friends and family on board.

Entertainment and purchasing are also streamlined. The medallion can be used to make cashless payments for services and products on the ship and it interacts with various digital screens on the ship to provide personalised content and offers.

Advantages for Princess Cruises

For Princess Cruises, the Medallion represents a significant investment in improving operational efficiency and customer service. The data collected from these devices offer valuable insights into passenger behaviour and preferences, allowing for more targeted marketing and service improvements. It also streamlines onboard operations, such as crowd management and service delivery, making the cruise experience smoother and more efficient for everyone involved.

Broader Applications in Hospitality

The principles behind the Medallion are being adopted in other sectors of the hospitality industry. Hotels, resorts, and theme parks are increasingly using similar technology to enhance guest experiences. For example, wearable devices at theme parks can act as entry tickets, payment methods and fast-pass tickets to rides. In hotels, they offer keyless room access and personalised room settings, such as adjusting the temperature or lighting based on the guest’s preferences.

The Medallion by Princess Cruises is more than just a technological novelty; it’s a glimpse into the future of hospitality. By leveraging the power of a Bluetooth beacon, it creates a seamless, personalised, and more enjoyable travel experience.

The Risk of SaaS-based Beacon Solutions

Beacons have emerged as a crucial tool for businesses, especially in retail, logistics and asset tracking. However, the issue regarding how beacons are managed is becoming increasingly pertinent. We advocate for the use of generic beacons over those tied to specific Software as a Service (SaaS) platforms for a multitude of reasons, primarily centred around risk mitigation.

Some platform vendors have a vested interest in locking you into their proprietary beacons and subscription platforms. This approach may seem convenient at first, but it comes with a host of limitations and risks. For instance, you’re tied to a particular platform, often with a paid subscription that is subject to price changes. Moreover, if the vendor is a venture capital-funded company there’s always the risk, as we have witnessed, that they might not be around next year, leaving you stranded with unsupported hardware.

Opting for generic OEM beacons liberates you from the constraints of a single platform. You’re not tied to a paid subscription for a specific service, giving you the flexibility to adapt as your business needs change. Generic beacons don’t limit you to the advertising types and sensors provided by a particular locked beacon. You can mix and match different beacon types and manufacturers to suit your physical environment. This flexibility also allows you to second or even third source beacons, thereby reducing longer-term risk.

When you’re not limited by the technical constraints of a proprietary platform, you have the freedom to innovate. You can host the platform yourself or choose a hosting provider that aligns with your business needs. This means you can keep your business data away from a shared server, enhancing security and compliance.

Using generic beacons means you’re not dependent on the service level of a shared platform. If a cloud-managed service experiences downtime or other issues, it can have a cascading effect on your operations. Self-managed beacons offer a level of reliability that cloud solutions may not be able to guarantee.

Lastly, when you opt for generic beacons, you don’t have to lock your code to use a particular proprietary beacon app SDK. This gives you the freedom to develop your applications without worrying about compatibility issues down the line.

In conclusion, while cloud-managed solutions may offer a quick and easy entry point, the long-term risks and limitations can make them a less attractive option. Self-managed, generic beacons offer flexibility, security and independence.

Simple Indoor iBeacon Positioning Method

New research Using iBeacon Components to Design and Fabricate Low-energy and Simple Indoor Positioning Method (PDF) focuses on developing an effective indoor positioning system using iBeacon. The authors propose an enhanced triangulation technique using signal strength signatures for improved indoor positioning precision.

This system integrates a ‘blind’ device and multiple base stations using iBeacon components to form virtual digital electronic fences, effectively receiving signals from moving devices or tags in a targeted area. The proposed method divides the positioning area into rectangular or triangular subareas and establishes a loss value database for improved location estimation.

The system shows high accuracy, with an average error of less than 0.5 m in the worst-case scenario, making it suitable for various environments. The paper covers the architecture of the system, development phases and experimental results demonstrating the system’s effectiveness. The research offers significant insights into low-cost, high-precision indoor positioning methods suitable for diverse applications such as healthcare, smart cities, and industrial settings.

Using Beacons with Smartphone Apps

Bluetooth beacons are a powerful tool for creating personalised experiences through mobile apps. They work by transmitting signals that can be detected by all smartphones. When a user comes within range, the app detects the beacon’s signal and identifies the user’s proximity to a specific location.

This enables the delivery of contextually relevant content, such as detailed information or reviews when a customer approaches a product in a retail store. It also allows for personalised recommendations based on a user’s location and past behaviour, offering tailored suggestions that match their interests.

Interactive experiences are another feature made possible by Bluetooth beacons. They can trigger app-specific actions based on user location, such as providing wait times and virtual queuing options in an amusement park. Additionally, they assist in wayfinding and navigation within large venues by providing directions and highlighting points of interest.

Utilising Bluetooth beacons for personalised experiences benefits businesses in numerous ways. They enable enhanced engagement with customers by delivering timely content, fostering a stronger connection and loyalty. They improve customer satisfaction by providing tailored information and recommendations, making customers feel more valued. Sales and conversion rates are also boosted by offering targeted promotions when customers are near specific products.

Bluetooth beacons gather valuable data that provides insights into customer preferences and behaviour, helping businesses optimise operations and make data-driven decisions to enhance their offerings and marketing strategies.

Android and iOS detect Bluetooth beacons through their built-in operating system APIs. When an Android application detects a beacon, it receives a callback that includes the signal level (RSSI), in which developers implement the app’s response. On iOS the framework includes classes to represent beacons and beacon regions, enabling monitoring and ranging, i.e., determining the approximate distance to a beacon. When an app registers to monitor a specific beacon region, iOS notifies the app if the device enters or exits that region. This happens even if the app isn’t running at the time. Furthermore, if the app is currently in use, it can continually receive updates about nearby beacons and their relative distance.

In both Android and iOS, the apps don’t connect with the beacons. Instead, they detect the Bluetooth signals that the beacons broadcast. Also, both systems require the user’s permission for the app to access Bluetooth and location services.
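What the phone’s Bluetooth stack does before the app’s callback fires is decode the advertisement the beacon broadcasts. The block below, an added example that is not code from the original post, parses the Apple manufacturer-specific structure that carries the iBeacon UUID, major, minor and calibrated 1 m power from a constructed advertising payload, and converts an RSSI into the immediate/near/far bands that apps are given; the path-loss exponent is an assumption.

```python
# Added example (not from the original post): decode an iBeacon advertisement the
# way a phone OS does before handing the app UUID/major/minor plus an RSSI, then
# map RSSI to a proximity band with a log-distance model (exponent n is assumed).
import struct
import uuid
from dataclasses import dataclass
from typing import Optional, Tuple

APPLE_COMPANY_ID = 0x004C           # Bluetooth SIG company identifier for Apple
IBEACON_TYPE, IBEACON_LEN = 0x02, 0x15

@dataclass
class IBeacon:
    uuid: uuid.UUID
    major: int
    minor: int
    measured_power: int             # calibrated RSSI at 1 m, signed dBm

def parse_ibeacon(adv: bytes) -> Optional[IBeacon]:
    """Walk the AD structures of a raw advertising payload and return the iBeacon
    fields if a well-formed Apple manufacturer-specific structure is present."""
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0:                       # zero-length structure ends the payload
            break
        body = adv[i + 1:i + 1 + length]
        if len(body) != length:               # truncated structure: refuse, don't over-read
            return None
        ad_type, data = body[0], body[1:]
        if ad_type == 0xFF and len(data) == 25:
            company = struct.unpack_from("<H", data, 0)[0]     # company ID is little-endian
            if company == APPLE_COMPANY_ID and data[2] == IBEACON_TYPE and data[3] == IBEACON_LEN:
                # UUID is 16 raw bytes; major/minor are big-endian; measured power is int8
                major, minor, power = struct.unpack_from(">HHb", data, 20)
                return IBeacon(uuid.UUID(bytes=data[4:20]), major, minor, power)
        i += 1 + length
    return None

def proximity(rssi: int, measured_power: int, n: float = 2.0) -> Tuple[float, str]:
    """Estimate distance as 10^((P_1m - RSSI)/(10 n)) and bucket it into the
    immediate/near/far bands that iOS exposes to apps. n = 2.0 is an assumption."""
    d = 10 ** ((measured_power - rssi) / (10 * n))
    band = "immediate" if d < 0.5 else "near" if d < 3.0 else "far"
    return round(d, 2), band

# Constructed sample payload: Flags AD structure followed by an iBeacon AD structure
# with a placeholder UUID, major 1, minor 7 and a measured power of -59 dBm (0xC5).
SAMPLE_ADV = bytes.fromhex(
    "020106"
    "1aff4c000215" "00112233445566778899aabbccddeeff" "0001" "0007" "c5"
)
```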

Novel iBeacon Localisation Algorithm Modelling

Recent research A Novel Optimized iBeacon Localization Algorithm Modeling by Jiajia Shi et al, addresses the challenges in achieving high accuracy in indoor object localisation or tracking using iBeacon systems. These systems, which use Bluetooth sensors, are appealing due to their low cost and ease of setup but there can be challenges with accuracy and they can sometimes be susceptible to interference and environmental noise.

To overcome these challenges, the study focuses on developing error modeling algorithms for signal calibration, uncertainty reduction and noise elimination. The novel approach is based on the Curve Fitted Kalman Filter (CFKF) algorithms. The research demonstrates that the CFKF algorithms significantly improve the accuracy and precision of iBeacon localisation.

The paper discusses the limitations of current indoor localisation technologies, including the Received Signal Strength Indicator (RSSI) method, which is affected by multipath fading in indoor environments.

The authors propose a novel CFKF error modelling approach to enhance the estimation accuracy of iBeacon systems in field experiments. This approach includes a developed Kalman Filter (KF) state estimate algorithm based on the modified Least Squares Algorithm (LSA), a system calibration process for the RSSI and estimated distance and the CFKF error modelling for improved accuracy.
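The moving-average filtering mentioned in the RSSI localisation post above and the Kalman filtering in this post both target the same multipath noise on RSSI. As an added example that is not code from either paper, the block below runs a moving-average filter and a scalar Kalman filter over a constructed RSSI trace, converts the result to a distance with a log-distance model, and measures each filter’s error; the window, the noise variances and the path-loss exponent are assumptions.

```python
# Added example (not from either paper): compare a moving-average filter and a
# scalar Kalman filter on a constructed noisy RSSI trace. Filter constants and the
# path-loss exponent are tuning assumptions, not values taken from the papers.
import math
from typing import Dict, List

def moving_average(samples: List[float], window: int = 4) -> List[float]:
    """Mean of the last `window` samples (the window is shorter at the start)."""
    out = []
    for i in range(len(samples)):
        chunk = samples[max(0, i - window + 1):i + 1]
        out.append(sum(chunk) / len(chunk))
    return out

def kalman_rssi(samples: List[float], q: float = 0.1, r: float = 16.0) -> List[float]:
    """Scalar Kalman filter with a constant-signal model x_k = x_{k-1} + w_k.
    q: process-noise variance (how fast the true RSSI may drift);
    r: measurement-noise variance (roughly the square of the dB jitter)."""
    x, p = samples[0], r             # seed with the first sample and its uncertainty
    out = [x]
    for z in samples[1:]:
        p += q                       # predict: state unchanged, uncertainty grows
        k = p / (p + r)              # Kalman gain: trust in the new measurement
        x += k * (z - x)             # update towards the measurement
        p *= (1 - k)                 # uncertainty shrinks after the update
        out.append(x)
    return out

def rssi_to_distance(rssi: float, tx_power_1m: float, n: float = 2.0) -> float:
    """Log-distance path loss: d = 10^((P_1m - RSSI)/(10 n)); n is an assumption."""
    return 10 ** ((tx_power_1m - rssi) / (10 * n))

def rms_error(estimates: List[float], truth: float) -> float:
    return math.sqrt(sum((e - truth) ** 2 for e in estimates) / len(estimates))

# Constructed trace: a tag standing still about 2 m from a base station calibrated
# to -59 dBm at 1 m, so the true RSSI is about -65 dBm, with multipath-style jitter.
TRUE_RSSI = -65.0
NOISY_RSSI = [TRUE_RSSI + d for d in (3, -4, 6, -2, -7, 5, 1, -5, 8, -3, 2, -6, 4, -1, 3, -4)]

def filter_errors(samples: List[float] = NOISY_RSSI, truth: float = TRUE_RSSI) -> Dict[str, float]:
    """RMS error in dB of the raw trace and of each filtered trace against the true RSSI."""
    return {
        "raw": rms_error(samples, truth),
        "moving_average": rms_error(moving_average(samples), truth),
        "kalman": rms_error(kalman_rssi(samples), truth),
    }
```

The raw trace has an RMS error of about 4.5 dB, which at 2 m corresponds to roughly a factor-of-1.7 uncertainty in distance; both filters bring it below 1.5 dB on this trace.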

Understanding the Impact of Settings on Bluetooth Beacon Battery Life

A common concern that frequently surfaces is the beacon’s battery life. It’s often overlooked that the device’s settings play a crucial role in battery consumption.

The Influence of Advertising Period on Battery Life

One of the most critical settings that impact a beacon’s battery life is the advertising period, also known as the advertising interval. This setting determines how frequently the beacon broadcasts its signal. The principle here is straightforward: the more often a beacon transmits, the more battery power it consumes.

For optimal battery performance, it is suggested to set the advertising period to around 600 milliseconds when the beacon is mainly detected by smartphones. This interval strikes a balance between battery efficiency and effective communication with smartphones in the vicinity.

However, if the beacon is primarily detected by a gateway rather than smartphones, consider setting the advertising interval to one second or more. Gateways are mains powered and scan more intensively, so they don’t need the beacon to broadcast as frequently as mobile devices do.

Tailoring Beacon Advertising for Specific Needs

Bluetooth beacons can support various types of advertising protocols, such as iBeacon, Eddystone, and others. A common mistake is to have multiple protocols enabled simultaneously, which can unnecessarily drain the battery. To optimise battery usage, it’s essential to configure your beacon to only advertise the type of protocol(s) needed for your specific application.

Reducing Power Consumption Through Transmission Power Settings

Another aspect to consider is the transmission power setting of your beacon. This setting determines the strength of the signal emitted by the beacon. A higher transmission power means a stronger signal and a longer physical range, but it also leads to quicker battery drainage.

Evaluate your use case to determine if a lower transmission power would suffice. For instance, in smaller indoor spaces, a lower power setting can be more than adequate, significantly extending the battery life of your beacon.

In summary, the longevity of your Bluetooth beacon’s battery is not solely dependent on the hardware but is significantly influenced by the right configuration settings. By understanding and optimising these settings, you can greatly enhance your beacon’s battery life. Using these tips, in some circumstances, beacon battery life can be extended to 10+ years which is longer than the useful life of some projects.
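To make the effect of these settings concrete, the block below is an added example, not code from the original post or from any beacon vendor: a first-order battery-life estimate that takes the advertising interval, the number of enabled advertising protocols and the transmit power as inputs. Every electrical figure in it (charge per advertising event, sleep current, battery capacity and derating) is a constructed placeholder, not a datasheet value.

```python
# Added example (not from the original post): first-order battery-life estimate that
# exposes the three settings the post discusses. All electrical figures below are
# constructed placeholders for illustration, not datasheet values for any beacon.
from dataclasses import dataclass
from typing import Dict

# Assumed charge per advertising event (microcoulombs) at each TX power setting.
# One event sends the packet on all three BLE advertising channels.
UC_PER_EVENT_BY_TX_DBM = {-20: 6.0, -8: 8.0, 0: 10.0, 4: 13.0}   # constructed values
SLEEP_CURRENT_UA = 1.5            # assumed quiescent current between events
BATTERY_MAH = 230                 # nominal coin-cell capacity (assumption), derated below
USABLE_FRACTION = 0.8             # self-discharge / cut-off voltage derating (assumption)
HOURS_PER_YEAR = 8760

@dataclass(frozen=True)
class BeaconConfig:
    interval_ms: int              # advertising period
    protocols: int                # enabled advertising types, e.g. iBeacon + Eddystone = 2
    tx_dbm: int                   # transmit power setting

def average_current_ua(cfg: BeaconConfig) -> float:
    """Mean current in microamps: the sleep floor plus the per-event charge spread
    over the interval. Each enabled protocol is a separate advertisement, so it
    multiplies the event rate, which is why enabling unused protocols costs battery."""
    if cfg.interval_ms <= 0 or cfg.protocols < 1:
        raise ValueError("interval must be positive and at least one protocol enabled")
    events_per_s = cfg.protocols * 1000.0 / cfg.interval_ms
    return SLEEP_CURRENT_UA + events_per_s * UC_PER_EVENT_BY_TX_DBM[cfg.tx_dbm]

def battery_life_years(cfg: BeaconConfig) -> float:
    usable_uah = BATTERY_MAH * 1000 * USABLE_FRACTION
    return usable_uah / average_current_ua(cfg) / HOURS_PER_YEAR

def compare(configs: Dict[str, BeaconConfig]) -> Dict[str, float]:
    """Estimated battery life in years for each named configuration."""
    return {name: round(battery_life_years(cfg), 2) for name, cfg in configs.items()}

SCENARIOS = {
    "100 ms, iBeacon+Eddystone, +4 dBm": BeaconConfig(100, 2, 4),
    "600 ms, iBeacon only, 0 dBm (phone detection)": BeaconConfig(600, 1, 0),
    "1000 ms, iBeacon only, -8 dBm (gateway detection)": BeaconConfig(1000, 1, -8),
}
```

With the assumed figures the three scenarios come out at roughly one month, one year and two years respectively; the ordering is the point, the absolute numbers depend on the real hardware.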

An Enhanced Triangulation Technique

Researchers from universities in Taiwan have developed a simple Bluetooth low-energy indoor positioning method using iBeacon components. The system aims to be lightweight, low-cost, and highly precise. The paper, Using iBeacon Components to Design and Fabricate Low-energy and Simple Indoor Positioning Method (PDF), introduces an enhanced triangulation technique using strength signatures of transmitted signals to improve positioning precision in planar locations.

The physical system consists of an observation (they call blind) device and multiple base stations using iBeacon components. These base stations can form virtual digital electronic fences and receive signals from blind devices, such as wearable devices or equipment tags. The positioning area is divided into rectangular or triangular subareas and the location of a blind device can be accurately located in real time using the measured strength of received signals and topology analysis.

The proposed method has an average error of less than 0.5 meters in the worst scenario and can be easily used in various environments. It integrates an STSS database and a triangulation method by evaluating the power values of received directional signals. Compared to traditional triangulation technologies, this method offers better positioning accuracy with simpler implementation procedures, reducing the overall cost of deployment.
