Replay attacks and sniffing in Bluetooth low energy communications with mobile phone

Juan Sebastian Orozco Duran, Edith Paola Estupiñan Cuesta, Juan Carlos Martínez Quintero

Abstract
This article analyzes vulnerabilities of Bluetooth low energy (BLE) connections in smartphones against replay and tracking attacks carried out with software defined radio (SDR), evaluating four scenarios with BLE headsets and smartphones from different manufacturers using HackRF One, GNU Radio, and Wireshark. In scenario 1, the advertising message ADV_NONCONN_IND was captured and retransmitted, generating persistent and deceptive pairing pop-ups on the smartphones. In scenario 2, fake pairing request signals were replicated to simulate a connection attempt, causing interface errors and deceptive notifications for the user. In scenario 3, complete pairing sequences were captured and replayed, producing false connection alerts and fabricated information such as battery level indicators from non-existent devices. In scenario 4, passive tracking enabled the extraction of sensitive data during the pairing process, including ADV_IND packets, media access control (MAC) addresses, frequencies, manufacturer identifiers, and transmission power levels. A total of 93 successful and 123 failed attacks were recorded, with abnormal behaviors observed such as false pairing requests and manipulated device data, exposing users to risks of identity spoofing, denial of service (DoS) attacks, or targeted interference. The results highlight BLE protocol weaknesses against radio frequency (RF)-based attacks and demonstrate the potential of SDR tools as powerful instruments for wireless protocol validation and cybersecurity research.

Keywords
Bluetooth; Bluetooth low energy; Replay attack; Security; Sniffing; Software defined radio

DOI: https://doi.org/10.11591/eei.v14i5.10040

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Bulletin of Electrical Engineering and Informatics (BEEI)
ISSN: 2089-3191, e-ISSN: 2302-9285
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).