pith. sign in

arxiv: 2606.21016 · v1 · pith:VZPYK2A3new · submitted 2026-06-19 · 💻 cs.CR

Quantifying the Impact of Stealthy BLE Spam & Flooding Attacks on IoT Environments

Usman Rauf , Adalynn Martinez , Fadi Mohsen This is my paper

Pith reviewed 2026-06-26 14:20 UTC · model grok-4.3

classification 💻 cs.CR
keywords BLE floodingIoT securitydenial of serviceagility strategyBLE spamresource exhaustionmedical IoT
0
0 comments X

The pith

BLE flooding attacks on IoT can be quantified and deterred by agility that raises attacker costs.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes a quantitative basis for measuring how BLE spam and flooding attacks exhaust device resources in IoT settings such as medical sensors. It highlights the vulnerability in energy-efficient protocols used in contested environments like battlefield medical systems. The work introduces an agility-based strategy as a practical way to increase the effort required for such attacks. A reader would care because these attacks threaten communication in critical systems where static facilities are vulnerable. If the claims hold, defenders gain tools to assess and mitigate risks in dense wireless ecosystems.

Core claim

In this work, we develop a quantitative foundation for understanding the impact of such attacks and propose a practical deterrence strategy based on agility to raise the cost of such attacks.

What carries the argument

Agility-based deterrence strategy that increases the cost for adversaries flooding BLE advertisement channels with unauthorized requests.

Load-bearing premise

That an agility-based approach can practically raise the cost of BLE flooding attacks without further implementation details.

What would settle it

A measurement of attacker resource use in a test IoT setup with and without the agility measure, showing no measurable increase in effort or reduction in attack success.

read the original abstract

The energy-efficient design of the BLE protocol, emphasis on rapid, and userfriendly discovery, making it an ideal choice for IoMTs, specifically, military field medical systems, and battlefield wearable sensors. Especially in active conflict zones, when static medical facilities are vulnerable and often targeted, limiting their viability for sustained care delivery. This rapid deployment, and ease of management comes at the cost of expanded attack surface, i.e., BLE flooding attacks. During such attacks, adversaries flood advertisement channels with unauthorized connection or advertising requests to exhaust nearby device resources and disrupt legitimate communication, sometimes culminating in denial-of-service conditions. A first public proof-of-concept of such attacks, using a Raspberry Pi has since been adapted to commodity platforms (e.g., Flipper Zero, HackRF, Android), lowering the barrier to attack. In contested environments, such platforms are directly relevant to adversarial RF jamming and spoofing operations, where low-cost, portable devices can induce disproportionate disruption in dense wireless ecosystems. In this work, we develop a quantitative foundation for understanding the impact of such attacks and propose a practical deterrence strategy based on agility to raise the cost of such attacks.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The manuscript claims to develop a quantitative foundation for understanding the impact of stealthy BLE spam and flooding attacks on IoT environments (with emphasis on IoMTs, military field medical systems, and battlefield sensors) and to propose a practical agility-based deterrence strategy that raises the cost of such attacks. It notes BLE's energy-efficient design and rapid discovery as expanding the attack surface, the availability of low-cost attack platforms (Raspberry Pi, Flipper Zero, HackRF, Android), and relevance to RF jamming/spoofing in contested environments.

Significance. If substantiated with data and validation, the work could inform security practices for BLE in high-stakes wireless ecosystems where low-cost attacks can cause disproportionate disruption. The focus on contested environments and commodity attack tools highlights practical relevance. However, the provided text supplies no supporting analysis, models, or evidence, limiting any assessment of significance.

major comments (1)
  1. [Abstract] Abstract: The central claim that the work 'develop[s] a quantitative foundation for understanding the impact of such attacks and propose[s] a practical deterrence strategy based on agility' is unsupported; the text contains no methods, equations, experimental setup, metrics (e.g., energy drain, connection success rates, channel-switching intervals), results, or validation of the agility approach. This is load-bearing for the paper's stated contribution.
minor comments (1)
  1. [Abstract] Abstract: Awkward phrasing and grammatical issues reduce clarity, e.g., 'The energy-efficient design of the BLE protocol, emphasis on rapid, and userfriendly discovery, making it an ideal choice for IoMTs, specifically, military field medical systems, and battlefield wearable sensors.'

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the detailed review and the recommendation. We acknowledge that the provided manuscript text consists primarily of the abstract and does not include the supporting methods, experiments, metrics, or results referenced in the central claim.

read point-by-point responses

  1. Referee: [Abstract] Abstract: The central claim that the work 'develop[s] a quantitative foundation for understanding the impact of such attacks and propose[s] a practical deterrence strategy based on agility' is unsupported; the text contains no methods, equations, experimental setup, metrics (e.g., energy drain, connection success rates, channel-switching intervals), results, or validation of the agility approach. This is load-bearing for the paper's stated contribution.

    Authors: We agree that the claim in the abstract is currently unsupported by the text provided in the manuscript. The manuscript as presented does not contain the methods, equations, experimental setup, metrics, results, or validation. We will revise the manuscript to add these elements, including descriptions of the experimental platforms, quantitative metrics for attack impact, and evaluation of the agility deterrence strategy. revision: yes

Circularity Check

0 steps flagged

No equations, parameters, or derivation chain present in the manuscript

full rationale

The provided abstract and manuscript text contain no equations, fitted parameters, self-citations of uniqueness theorems, or any load-bearing derivations. The central claims are stated as proposals for future quantitative work and an agility strategy, but no mathematical steps, inputs, or reductions exist that could be checked for circularity. This is the expected non-finding when a paper supplies no formal chain to inspect.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The abstract does not mention any free parameters, axioms, or invented entities.

pith-pipeline@v0.9.1-grok · 5736 in / 969 out tokens · 28082 ms · 2026-06-26T14:20:00.136059+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

32 extracted references · 16 canonical work pages

  1. [1]

    Computer Communications81, 72–85 (2016) https://doi.org/10.1016/j.comcom.2015.10.008

    Cho, K., Park, G., Cho, W., Seo, J., Han, K.: Performance analysis of device discovery of bluetooth low energy (ble) networks. Computer Communications81, 72–85 (2016) https://doi.org/10.1016/j.comcom.2015.10.008

    work page doi:10.1016/j.comcom.2015.10.008 2016

  2. [2]

    In: The Impact of Digital Technologies on Public Health in Developed and Developing Countries, ICOST 2020

    Fourati, L.C., Said, S.: Remote health monitoring systems based on bluetooth low energy (ble) communication systems. In: The Impact of Digital Technologies on Public Health in Developed and Developing Countries, ICOST 2020. Lecture Notes in Computer Science, vol. 12157, pp. 41–54. Springer, ??? (2020). https: //doi.org/10.1007/978-3-030-51517-1 4

    work page doi:10.1007/978-3-030-51517-1 2020

  3. [3]

    Computer Networks211, 108953 (2022) https://doi.org/10.1016/j.comnet.2022.108953

    Lacava, A., Zottola, V., Bonaldo, A., Cuomo, F., Basagni, S.: Securing bluetooth low energy networking: An overview of security procedures and threats. Computer Networks211, 108953 (2022) https://doi.org/10.1016/j.comnet.2022.108953

    work page doi:10.1016/j.comnet.2022.108953 2022

  4. [4]

    https: //extranet.who.int/ssa/Index.aspx

    World Health Organization: Strategic Situational Analysis (SSA) (n.d.). https: //extranet.who.int/ssa/Index.aspx

  5. [5]

    Malwarebytes

    Malwarebytes Labs: Meet the Entirely Legal, iPhone-crashing Device, the Flipper Zero: Lock and Code S04E25. Malwarebytes. https://www.malwarebytes.com/b log/podcast/2023/12/meet-the-entirely-legal-iphone-crashing-device-the-flipper -zero-lock-and-code-s04e25 Accessed 2025-10-01

    2023

  6. [6]

    22 Forbes (online) (2023)

    Winder, D.: iPhone iOS 17 Hack Attack Reported in the Wild—How To Stop It. 22 Forbes (online) (2023). https://www.forbes.com/sites/daveywinder/2023/11/0 6/iphone-ios-17-hack-attack-reported-in-the-wild-how-to-stop-it/

    2023

  7. [7]

    Binary distribution listing for the Android BLE Spam app

    Bluetooth LE Spam — F-Droid. Binary distribution listing for the Android BLE Spam app. https://f-droid.org/packages/de.simon.dankelmann.bluetoothlespam/ Accessed 2025-08-16

    2025

  8. [8]

    HackRF/PortaPack Mayhem app for spamming various BLE packets (Android Fast Pair, iOS, etc.)

    BLESpam — PortaPack Mayhem Firmware Wiki. HackRF/PortaPack Mayhem app for spamming various BLE packets (Android Fast Pair, iOS, etc.). https: //github.com/portapack-mayhem/mayhem-firmware/wiki/BLESpam/Bluetoo th-Low-Energy-Receiver Accessed 2025-08-16

    2025

  9. [9]

    Open-source Android app that generates spoofed BLE advertisements (Apple/Google/Samsung/Microsoft protocols)

    Dankelmann, S.: Bluetooth LE Spam. Open-source Android app that generates spoofed BLE advertisements (Apple/Google/Samsung/Microsoft protocols). http s://github.com/simondankelmann/Bluetooth-LE-Spam Accessed 2025-08-16

    2025

  10. [10]

    Journal of Ambient Intelligence and Humanized Computing10, 4361–4375 (2019) https://doi.org/10.1007/s12652-018-1113-8

    Halloush, R., Liu, H.: Modeling and performance evaluation of jamming-tolerant wireless systems. Journal of Ambient Intelligence and Humanized Computing10, 4361–4375 (2019) https://doi.org/10.1007/s12652-018-1113-8

    work page doi:10.1007/s12652-018-1113-8 2019

  11. [11]

    In: Proc

    Jianliang Wu, Wei Li: Detection of stealthy jamming using hidden markov models in uav-assisted networks. In: Proc. IEEE GLOBECOM (2023)

    2023

  12. [12]

    Expert Systems with Applications127, 30–43 (2019) https://doi.org/10.1016/j.eswa.2019.01.001

    Shanbhag, A., Huang, W.: Learning attack mechanisms in wireless sensor net- works using markov decision processes. Expert Systems with Applications127, 30–43 (2019) https://doi.org/10.1016/j.eswa.2019.01.001

    work page doi:10.1016/j.eswa.2019.01.001 2019

  13. [13]

    EURASIP Journal on Wire- less Communications and Networking2021(1), 143 (2021) https://doi.org/10.1 186/s13638-021-02005-2

    Ghafi, H.K., Spindelberger, C., Arthaber, H.: Modeling of co-channel interference in bluetooth low energy based on measurement data. EURASIP Journal on Wire- less Communications and Networking2021(1), 143 (2021) https://doi.org/10.1 186/s13638-021-02005-2

    2021

  14. [14]

    In: Chatterjee, M., Cao, J.-n., Kothapalli, K., Rajsbaum, S

    Bhunia, S., Su, X., Sengupta, S., V´ azquez-Abad, F.: Stochastic model for cog- nitive radio networks under jamming attacks and honeypot-based prevention. In: Chatterjee, M., Cao, J.-n., Kothapalli, K., Rajsbaum, S. (eds.) Distributed Computing and Networking, pp. 438–452. Springer, Berlin, Heidelberg (2014)

    2014

  15. [15]

    CoRRabs/2104.11580(2021) 2104.11580

    Allouzi, M.A., Khan, J.I.: Identifying and modeling security threats for iomt edge network using markov chain and common vulnerability scoring system (CVSS). CoRRabs/2104.11580(2021) 2104.11580

    arXiv 2021

  16. [16]

    CoRRabs/1802.08782 (2018) 1802.08782

    Sikeridis, D., Papapanagiotou, I., Devetsikiotis, M.: Blebeacon: A real-subject trial dataset from mobile bluetooth low energy beacons. CoRRabs/1802.08782 (2018) 1802.08782

    arXiv 2018

  17. [17]

    Zenodo (2021)

    Duque, A., Finet, M., Vial, T., Humbert, M.: SDR4IoT BLE & Zigbee RF dataset. Zenodo (2021). https://doi.org/10.5281/zenodo.4639390 . https://doi.org/10.5 23 281/zenodo.4639390

    work page doi:10.5281/zenodo.4639390 2021

  18. [18]

    Data9(4) (2024) https://doi.org/10.3390/data9040049

    Bouaru, R., Peculea, A., Iancu, B., Buzura, S., Cebuc, E., Dadarlat, V.: Analysis of a bluetooth traffic dataset obtained during university examination sessions. Data9(4) (2024) https://doi.org/10.3390/data9040049

    work page doi:10.3390/data9040049 2024

  19. [19]

    Internet of Things28, 101351 (2024) https://doi.org/10.1016/j.iot.2024 .101351

    Dadkhah, S., Neto, E.C.P., Ferreira, R., Molokwu, R.C., Sadeghi, S., Ghorbani, A.A.: Ciciomt2024: A benchmark dataset for multi-protocol security assessment in iomt. Internet of Things28, 101351 (2024) https://doi.org/10.1016/j.iot.2024 .101351

    work page doi:10.1016/j.iot.2024 2024

  20. [20]

    IEEE Dataport (2021)

    Unal, D.: BlueTack. IEEE Dataport (2021). https://doi.org/10.21227/skhs-0b39 . https://dx.doi.org/10.21227/skhs-0b39

    work page doi:10.21227/skhs-0b39 2021

  21. [21]

    Sensors22(21), 8280 (2022) https://doi.org/10.3390/s22218280

    Abad, A.E.,et al.: Secure bluetooth communication in smart healthcare systems: A novel community dataset and intrusion detection system. Sensors22(21), 8280 (2022) https://doi.org/10.3390/s22218280

    work page doi:10.3390/s22218280 2022

  22. [22]

    In: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security

    Che, X., He, Y., Feng, X., Sun, K., Xu, K., Li, Q.: Blueswat: A lightweight state-aware security framework for bluetooth low energy. In: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. CCS ’24, pp. 2087–2101. Association for Computing Machinery, New York, NY, USA (2024). https://doi.org/10.1145/3658644.3670397 . h...

    work page doi:10.1145/3658644.3670397 2024

  23. [23]

    In: IEEE INFOCOM 2020 - IEEE Conference on Computer Communications, pp

    Zhang, Y., Weng, J., Ling, Z., Pearson, B., Fu, X.: Bless: A ble application security scanning framework. In: IEEE INFOCOM 2020 - IEEE Conference on Computer Communications, pp. 636–645 (2020). https://doi.org/10.1109/INFOCOM41043 .2020.9155473

    work page doi:10.1109/infocom41043 2020

  24. [24]

    distribution copies

    Karim, I., Ishtiaq, A., Hussain, S., Bertino, E.: Blediff: Scalable and property- agnostic noncompliance checking for ble implementations, pp. 3209–3227 (2023). https://doi.org/10.1109/SP46215.2023.10179330

    work page doi:10.1109/sp46215.2023.10179330 2023

  25. [25]

    In: 2022 IEEE Symposium on Security and Privacy (SP), pp

    Wu, J., Wu, R., Xu, D., Tian, D.J., Bianchi, A.: Formal model-driven discovery of bluetooth protocol design vulnerabilities. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 2285–2303 (2022). https://doi.org/10.1109/SP46214.2022 .9833777

    work page doi:10.1109/sp46214.2022 2022

  26. [26]

    In: 2018 IEEE 11th International Conference on Software Testing, Verification and Validation (ICST), pp

    Ray, A., Raj, V., Oriol, M., Monot, A., Obermeier, S.: Bluetooth low energy devices security testing framework. In: 2018 IEEE 11th International Conference on Software Testing, Verification and Validation (ICST), pp. 384–393 (2018). https://doi.org/10.1109/ICST.2018.00045

    work page doi:10.1109/icst.2018.00045 2018

  27. [27]

    Yaseen, M., Iqbal, W., Rashid, I., Abbas, H., Mohsin, M., Saleem, K., Bangash, Y.A.: Marc: A novel framework for detecting mitm attacks in ehealthcare ble systems. J. Med. Syst.43(11), 1–18 (2019) https://doi.org/10.1007/s10916-019 24 -1440-0

    work page doi:10.1007/s10916-019 2019

  28. [28]

    Technical report, Karlstad University (2017)

    Peter Gullberg: Denial of service attack on bluetooth low energy. Technical report, Karlstad University (2017). https://www.researchgate.net/publication/3170638 84

    arXiv 2017

  29. [29]

    In: IEEE PerCom Workshops, pp

    James Ditton, Jad Moubarak: A proof-of-concept denial-of-service attack against bluetooth iot devices. In: IEEE PerCom Workshops, pp. 94–99 (2020)

    2020

  30. [30]

    In: Proc

    Juan Castro, Javier Nigam: Ble injection-free attack: Forcing key renegotiation without packet injection. In: Proc. Int. Conf. on Autonomous and Intelligent Systems (2019).https://nigam.info/docs/jaihc19.pdf

    2019

  31. [31]

    Garbelini, Chundong Wang, Sudipta Chattopadhyay: Sweyntooth: Unleashing mayhem over bluetooth low energy

    Matheus E. Garbelini, Chundong Wang, Sudipta Chattopadhyay: Sweyntooth: Unleashing mayhem over bluetooth low energy. In: USENIX ATC (2020). https://asset-group.github.io/disclosures/sweyntooth/sweyntooth.pdf

    2020

  32. [32]

    https://argenox.com/library/bl uetooth-low-energy/ble-advertising-primer 25

    Argenox Technologies: BLE Advertising Primer. https://argenox.com/library/bl uetooth-low-energy/ble-advertising-primer 25