Functional Audit of IoT Toys with Bluetooth LE
DOI:
https://doi.org/10.17979/ja-cea.2025.46.12272Keywords:
Embedded system security, BLE traffic analysis, Connected toys, Intrusion detection, Home IoT, Device auditing, Secure wireless communicationsAbstract
This work presents a functional audit of commercial devices with Bluetooth Low Energy (BLE) connectivity, focused on
connected toys in the context of the Internet of Things (IoT). The methodology is based on the use of two nRF52840 dongles:
one configured as a scanner to identify random MAC addresses, and the other as a BLE sniffer integrated with Wireshark to
capture traffic between the device and its mobile application. The captures show that several of the analyzed devices transmit
data without encryption or authentication, enabling attacks such as interception, command injection, or replay. As future work,
we propose using the captured data to train anomaly detection models using machine learning techniques.
References
, 02 2023. Introduction to bluetooth low energy (ble). URL: https://www.argenox.com/library/bluetooth-low-energy/introduction-to-bluetooth-low-energy-v4-0/
, 01 2025. nrf sniffer for bluetooth le. URL: https://www.nordicsemi.com/Products/Development-tools/nrf-sniffer-for-bluetooth-le/download
Allana, S., Chawla, S., 08 2020. Childshield: A rating system for assessing privacy and security of internet of toys. Telematics and Informatics 56, 101477–101477. URL: https://doi.org/10.1016/j.tele.2020.101477 DOI: doi:10.1016/j.tele.2020.101477
Chu, G., Apthorpe, N., Feamster, N., 01 2018. Security and privacy analyses of internet of things children’s toys. arXiv. URL: https://arxiv.org/abs/1805.02751 DOI: doi:10.48550/ARXIV.1805.02751
Classen, J., Hollick, M., 06 2021. Happy mitm. URL: https://doi.org/10.1145/3448300.3467822 DOI: doi:10.1145/3448300.3467822
de Carvalho, L. G., Eler, M. M., 01 2017. Security requirements for smart toys, 144–154. URL: https://doi.org/10.5220/0006337001440154 DOI: doi:10.5220/0006337001440154
de Paula Albuquerque, O., Fantinato, M., Kelner, J., de Albuquerque, A. P., 12 2019. Privacy in smart toys: Risks and proposed solutions. Electronic Commerce Research and Applications 39, 100922–100922. URL: https://doi.org/10.1016/j.elerap.2019.100922 DOI: doi:10.1016/j.elerap.2019.100922
INCIBE, 01 2024. Estudio de la ciberseguridad juguetes conectados. Tech. rep. URL: https://www.incibe.es/sites/default/files/espacios/ed2026/laboratorio/EstudioINCIBE_ciberseguridad_juguetes_conectados.pdf
Koulouras, G., Katsoulis, S., Zantalis, F., 02 2025. Evolution of bluetooth technology: Ble in the iot ecosystem. URL: https://doi.org/10.3390/s25040996 DOI: doi:10.3390/s25040996
Lonzetta, A. M., Cope, P., Campbell, J. P., Mohd, B. J., Hayajneh, T., 07 2018. Security vulnerabilities in bluetooth technology as used in iot. Journal of Sensor and Actuator Networks 7, 28–28. URL: https://doi.org/10.3390/jsan7030028 DOI: doi:10.3390/jsan7030028
Nagrare, T., Sindhewad, P., Kazi, F., 01 2023. Ble protocol in iot devices and smart wearable devices: Security and privacy threats. arXiv (Cornell University). URL: https://arxiv.org/abs/2301.03852 DOI: doi:10.48550/arxiv.2301.03852
Radhakrishnan, I., Jadon, S., Honnavalli, P. B., 06 2024. Efficiency and security evaluation of lightweight cryptographic algorithms for resourceconstrained iot devices. Sensors 24, 4008–4008. URL: https://doi.org/10.3390/s24124008 DOI: doi:10.3390/s24124008
Sivakumaran, P., Blasco, J., 01 2021. argxtract: Deriving iot security configurations via automated static analysis of stripped arm binaries. arXiv (Cornell University). URL: https://arxiv.org/abs/2105.03135 DOI: doi:10.48550/arxiv.2105.03135
Vervloesem, K., 06 2022. Develop your own bluetooth low energy applications for raspberry pi. URL: https://koen.vervloesem.eu/books/
vinnter, 02 2023. What’s new with ble5? and how does it compare to ble4? URL: vinnter.se/whats-new-with-ble5-and-how-does-it-compare-to-ble4/
Wang, Z., 02 2024. Securing bluetooth low energy: A literature review. URL: https://arxiv.org/abs/2404.16846 DOI: doi:10.48550/arXiv.2404.16846
Want, R., Schilit, B. N., Laskowski, D., 10 2013. Bluetooth le finds its niche. IEEE Pervasive Computing 12, 12–16. URL: https://doi.org/10.1109/mprv.2013.60 DOI: doi:10.1109/mprv.2013.60
Wen, H., Lin, Z., Zhang, Y., 10 2020. Firmxray: Detecting bluetooth link layer vulnerabilities from bare-metal firmware. URL: https://doi.org/10.1145/3372297.3423344 DOI: doi:10.1145/3372297.3423344
White, N., 06 2024. Using the nordic nrf sniffer for ble. URL: https://dojofive.com/blog/ using-the-nordic-nrf-sniffer-for-ble/
Zachariah, T., Clark, M., Dutta, P., 10 2018. Bluetooth low energy in the wild dataset, 27–28. URL: https://doi.org/10.1145/3277868.3277882 DOI: doi:10.1145/3277868.3277882
Zhang, Y., Weng, J., Dey, R., Fu, X., 01 2020. Bluetooth low energy (ble) security and privacy. Springer eBooks, 123–134. URL: https://doi.org/10.1007/978-3-319-78262-1_298 DOI: doi:10.1007/978-3-319-78262-1_298
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Jose Aveleira-Mata, Diego Narciandi-Rodríguez, Isaías García-Rodríguez, Javier Alfonso-Cendón, Sergio Rubio-Martín, Héctor Alaiz-Moretón
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
