Hacking BLE Bicycle Locks for Fun and a Small Profit

Conference: DEF CON 26



The presentation explores the security vulnerabilities of BLE 'Smart' locks on shared bicycles and provides a simplified approach to hacking them.
  • Overview of the bike sharing economy and the locks used on shared bicycles
  • Recap of BLE and its communication protocol
  • Analysis of communications between a mobile device and the BLE lock
  • Demonstration of an app built to hack BLE locks and get free rides
  • Emphasis on the lack of security in smart locks and the need for proper testing and validation
The speaker bought a smart bike lock from a Chinese shopping site and tore it apart to understand its mechanism. He then used a tool called Blare to enumerate the services and characteristics of the lock and intercepted BLE traffic to understand its communication protocol. He also simplified the process of hacking BLE locks using Frida, making it accessible to anyone with basic mobile phone experience.


Hack a lock and get free rides! (No free beer yet though...). This talk will explore the ever-growing ride sharing economy and look at how the BLE "Smart" locks on shared bicycles work. The entire solution will be deconstructed and examined, from the mobile application to its supporting web services and finally communications with the lock. We will look at how to go about analysing communications between a mobile device and the lock, what works, what doesn't. Previous talks on attacking BLE targeted the protocol itself using various hardware and software such as Ubertooth and Wireshark, which could be potentially difficult for someone new wanting to explore BLE and the ever-connected IoT world. I'll simplify and stupidify the entire process such that anyone with a mobile phone and basic experience with Frida can go about breaking locks and hacking BLE the world over.