Just like any other mesh network, a Bluetooth Low Energy mesh faces many security threats. Mesh networks are very useful for small and large applications. In mesh networks, each intermediary node acts as a router to transmit traffic among peers if the destination node is not directly connected to the sender host. The formation of these nodes is considered reliable, and because of this, it is very hard to detect the presence of an intruder in the network.

BLE mesh security is becoming a hot issue among researchers as it is open to many attacks. As Bluetooth Low Energy promises a strong future in IoT, it is becoming very popular. But without providing concrete prevention against threats, it will be very difficult for it to make its presence in the industry. A Bluetooth Low Energy mesh is open to a variety of attacks, such as man-in-the-middle (MITM), passive and active eavesdropping, and privacy and denial of service (DoS) attacks. Bluetooth v4.2 catered to many of these issues by providing a better security mechanism (encrypted link using the Diffie-Hellman key exchange algorithm). However, BLE meshes are still open to battery exhaustion attacks. 

A battery exhaustion attack is an attack that consumes a device's battery to disable it. In the case of a Bluetooth Low Energy mesh, if there is an active battery exhaustion attack, it can take down a whole network. Since IoT devices are heavily dependent on batteries, this attack poses a serious threat on BLE meshes. It is a form of DoS attack through battery exhaustion. 

Here are some forms of battery exhaustion attacks in BLE:

• Service request power attacks: The attackers bombard a BLE device by sending requests to particular GATT services to deplete the batteries
• Malignant power attacks: This creates or modifies an executable (to be run on the BLE device) to drain the battery and, in some cases, to run harmful Trojan horses on the target device
• Benign power attacks: This forces a device to repeatedly perform battery-heavy tasks to speed up battery drainage