Basically IoT Bluetooth Security is Rubbish!

I have quite a few presentations coming up, and I’m getting all ready to demo a few things live. And so, while we face a world of IoT, unfortunately the associated security is not quite there. One of the weakests area is Bluetooth, and so I’ve installed an Ubertooth One on a virtual machine (and on a R-PI), and getting all ready to give demos. One of my favouriate devices is the Polar H10 device:

And so I strapped it on, and ran the app, and which gave my heart rate at 68 bpm. Surely the manufacturer has kept this value secret? And so I ran:

ubertooth-btle -f -c output.pcap

and captured the output:

But, no, the Bluetooth packets were sniffed by the Ubertooth One, and where it even gave away the serial number of my device: