BLE is gaining ground in mobile phones and is supported by iOS5 and later, Windows Phone 8.1, Windows 8, Android 4.3 and later, as well as the BlackBerry 10.
“By 2018, more than 90 percent of Bluetooth-enabled smartphones are expected to be Smart Ready devices,” said Bluetooth SIG, which means it will support BLE.
iBeacons, which also transmit BLE packets in order to identify a location, are already used in Apple Stores to tailor notifications to visiting customers, while BA and Virgin use iBeacons with their boarding pass apps to welcome passengers walking into the lounge with the Wi-Fi password.
House of Fraser is also trialling iBeacons on mannequins to allow customers to look at the clothes and their prices on their phones.
The current model for iBeacons is that they should non-invasive; you have to already be running the application for it to detect and respond to a beacon.
“It doesn’t take much imagination to think of a phone manufacturer providing handsets with an iBeacon application already installed, so your phone alerts you with sales notifications when you walk past certain shops,” said Scott Lester — a senior researcher at Context.
The latest version of Bluetooth makes it possible for BLE to implement public key encryption and keep packet sizes down, while also supporting different authentication schemes, but it’s often overlooked by manufacturers.
“Many BLE devices simply can’t support authentication and many of the products we have looked at don’t implement encryption, as this would significantly reduce battery life and increase the complexity of the application, said Lester.
“It is clear that BLE is a powerful technology, which is increasingly being put to a wide range of uses.
“While the ability to detect and track devices may not present a serious risk in itself, it certainly has the potential to compromise privacy and could be part of a wider social engineering threat.
“It is also yet another demonstration of the lack of thought that goes into security when companies are in a rush to get new technology products to market.”
Last week, soldiers in China’s army were banned from wearing smartwatches and other wearable technology for fear the devices could transmit sensitive data. The findings showed that such concerns over cyber-security loopholes may be justified.
Martin Woolley, Technical Program Manager at Bluetooth SIG, said that what is often overlooked is that there is always a trade-off between absolute security and a reasonable level of security considering the data that is being transferred.
“Companies are aware that they need to consider the full spectrum of available measures against their product’s security requirements, he said.
“For example the security needs of a smart bulb manufacturer would differ to those of a smart lock manufacturer. What is certain is that Bluetooth offers a wide range of security options, including government-grade encryption providing the means for very high levels of security. Manufacturers will continue to make decisions based on their customers’ needs and demands for a particular implementation.”