The presentation explores the security vulnerabilities of BLE 'Smart' locks on shared bicycles and provides a simplified approach to hacking them.
- Overview of the bike sharing economy and the locks used on shared bicycles
- Recap of BLE and its communication protocol
- Analysis of communications between a mobile device and the BLE lock
- Demonstration of an app built to hack BLE locks and get free rides
- Emphasis on the lack of security in smart locks and the need for proper testing and validation

The speaker bought a smart bike lock from a Chinese shopping site and tore it apart to understand its mechanism. He then used a tool called Blare to enumerate the services and characteristics of the lock and intercepted BLE traffic to understand its communication protocol. He also simplified the process of hacking BLE locks using Frida, making it accessible to anyone with basic mobile phone experience.