You'd better secure your BLE devices or we'll kick your butts!

Conference: Defcon 26

2018-08-01

Summary

The presentation discusses the vulnerability of Bluetooth Low Energy (BLE) devices to hacking and unauthorized access, with a focus on sex toys and drones. The speaker demonstrates how easy it is to hijack the connection of these devices and take control over them, potentially leaking valuable information. The presentation also highlights the lack of security measures in some BLE devices and the need for better authentication and encryption mechanisms.
  • BLE devices, including sex toys and drones, are vulnerable to hacking and unauthorized access
  • The speaker demonstrates how easy it is to hijack the connection of these devices and take control over them, potentially leaking valuable information
  • Some BLE devices lack proper authentication and encryption mechanisms, making them more susceptible to attacks
  • Bluetooth 5 supports connections over about 800 meters, which extends the range from which unauthorized access can be attempted
  • Better security measures, such as pairing and encryption, are needed to protect BLE devices from hacking and unauthorized access
The speaker demonstrates how he was able to hijack the connection of a sex toy using a smartphone and make it vibrate at different levels. He also shows how he was able to take control of a drone using a small application installed on his phone and disconnect the owner's smartphone from the drone, rendering it useless. These examples illustrate the ease with which BLE devices can be hacked and the potential consequences of such attacks.

Abstract

Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while open-source tools work sometimes, but are not reliable and efficient. Even the recently released Man-in-the-Middle BLE attack tools have their limits, like their complexity and lack of features to analyze encrypted or short connections. Furthermore, as vendors do not seem inclined to improve the security of their devices by following the best practices, we decided to create a tool to lower the entry ticket: BtleJack. BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks, but also implements a brand new attack dubbed "BtleJacking" that provides a way to take control of any already connected BLE device. We will demonstrate how this attack works on various devices, how to protect them and avoid hijacking and of course release the source code of the tool. Vendors, be warned: BLE hijacking is real and should be considered in your threat model.
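The protection the abstract and the summary point to (pairing and encryption) is enforced on the device side by the GATT server's per-characteristic security permissions. The following added example is not BtleJack code nor any vendor's firmware; it models how a peripheral decides whether an ATT Write Request on a control characteristic may proceed given the security level of the current link. The security levels (Security Mode 1, Levels 1-4) and ATT error codes (0x05, 0x08, 0x0F) are the Bluetooth Core Specification values; the device names, characteristic UUID and the two example configurations are constructed for illustration.

```python
"""Model of a BLE peripheral enforcing GATT security permissions on writes.

A central that takes over an existing connection without holding the
peer's pairing keys is, from the peripheral's point of view, a brand new
link at Level 1 (no encryption). A characteristic that requires an
encrypted/authenticated link therefore rejects its writes, whereas a
characteristic with no requirement accepts them from anyone.
"""
from dataclasses import dataclass
from enum import IntEnum


class LinkSecurity(IntEnum):
    """LE Security Mode 1 levels, as numbered in the Core Specification."""
    NONE = 1            # Level 1: no encryption
    ENCRYPTED = 2       # Level 2: unauthenticated pairing, encrypted link
    AUTHENTICATED = 3   # Level 3: authenticated pairing (MITM protection)
    SECURE_CONN = 4     # Level 4: authenticated LE Secure Connections


# ATT error codes from the Core Specification (Attribute Protocol)
ATT_SUCCESS = 0x00
ATT_INSUFFICIENT_AUTHENTICATION = 0x05
ATT_INSUFFICIENT_AUTHORIZATION = 0x08
ATT_INSUFFICIENT_ENCRYPTION = 0x0F


@dataclass(frozen=True)
class Characteristic:
    name: str
    uuid: str
    min_security: LinkSecurity          # minimum link level required for writes
    needs_authorization: bool = False   # additional app-level check (bonded owner only)


@dataclass
class Link:
    peer: str
    security: LinkSecurity = LinkSecurity.NONE  # every new link starts unencrypted
    bonded: bool = False                        # keys were stored from a previous pairing


def check_write(char: Characteristic, link: Link) -> int:
    """Return the ATT status a GATT server would send for a Write Request.

    Simplified mapping: an unencrypted link writing to an encryption-only
    characteristic gets Insufficient Encryption; any other shortfall in the
    level gets Insufficient Authentication; a missing bond on a characteristic
    that demands authorization gets Insufficient Authorization.
    """
    if link.security < char.min_security:
        if (link.security == LinkSecurity.NONE
                and char.min_security == LinkSecurity.ENCRYPTED):
            return ATT_INSUFFICIENT_ENCRYPTION
        return ATT_INSUFFICIENT_AUTHENTICATION
    if char.needs_authorization and not link.bonded:
        return ATT_INSUFFICIENT_AUTHORIZATION
    return ATT_SUCCESS


# Constructed example: the same motor-control characteristic in two configurations.
# The UUID is a made-up placeholder, not taken from any real product.
MOTOR_UUID = "0000ffe1-0000-1000-8000-00805f9b34fb"
WEAK_MOTOR_CTRL = Characteristic("motor_control", MOTOR_UUID, LinkSecurity.NONE)
HARDENED_MOTOR_CTRL = Characteristic("motor_control", MOTOR_UUID,
                                     LinkSecurity.AUTHENTICATED,
                                     needs_authorization=True)


def simulate() -> dict:
    """Run the owner's bonded link and an unpaired newcomer against both configs."""
    owner = Link(peer="owner-phone", security=LinkSecurity.SECURE_CONN, bonded=True)
    # A newly arrived central holds no key material, so its link is Level 1.
    newcomer = Link(peer="unknown-central")
    return {
        "weak_owner": check_write(WEAK_MOTOR_CTRL, owner),
        "weak_newcomer": check_write(WEAK_MOTOR_CTRL, newcomer),
        "hardened_owner": check_write(HARDENED_MOTOR_CTRL, owner),
        "hardened_newcomer": check_write(HARDENED_MOTOR_CTRL, newcomer),
    }


if __name__ == "__main__":
    for case, status in simulate().items():
        print(f"{case:18s} -> ATT status 0x{status:02X}")
```

The weak configuration accepts the motor write from any central, which is the behaviour the talk demonstrates on the toy and the drone; the hardened configuration lets only the bonded, authenticated owner through and answers the newcomer with Insufficient Authentication. Requiring at least Level 3 (or Level 4 with LE Secure Connections) on every characteristic that changes device state is the concrete form of the "pairing and encryption" recommendation in the summary.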
