We present a legacy-friendly, non-intrusive monitoring system to defend Bluetooth users against spoofing attacks through which an attacker can impersonate an IoT device and feed malicious data to its users.
We discover critical security vulnerabilities in the Bluetooth Low Energy connection protocol, which can be exploited to impersonate an IoT device and provide spoofed data to a previously-paired user device.