Bluetooth Hacking: Tools And Techniques | Mike Ryan | hardwear.io USA 2019

  Переглядів 43,753

hardwear.io

hardwear.io

День тому

Talk Abstract:
This talk by Mike Ryan described how to reverse engineer Bluetooth data on a variety of devices including a heart monitor, a padlock, a music listening device, a Bluetooth credit card, and a Bluetooth-controlled skateboard. Although the techniques depended on physical access to the device (attacks that did not have this access would require a protocol sniffer), it was an exciting demonstration of how to extract Bluetooth data from the device before it goes out to the air. And that said, the threat model for some Bluetooth devices (such as that credit card) should assume that someone will be handling those devices out of your sight.
About Presenter:
Mike Ryan is a noted expert on Bluetooth security. He has discovered several Bluetooth-related CVEs: CVE-2018-9119 (stealing credit card numbers via Bluetooth), CVE-2014-4428 (affecting OS X, iOS, and Apple TV), and along with Richo Healey discovered CVE-2015-2249 (affecting Boosted electric skateboards). In 2016 Mike founded ICE9 Consulting to address the increasing demand for security reviews of IoT devices. Mike's personal motto is "if you like it, you shoulda put Bluetooth on it."
#BluetoothHacking #Security #IoT
------------------------------------------------------------------------------------
Website: hardwear.io
Follow hardwear.io on Twitter: / hardwear_io .
Follow hardwear.io on Facebook: / hardwear.io
-------------------------------------------------------------------------------------

КОМЕНТАРІ: 34
@christopherpetrov2355
@christopherpetrov2355 Рік тому
Can use use Raspi bluetooth to sniff psockets??
@katikati39
@katikati39 3 роки тому
You should see how easy is doing all of that with BLE:Bit lol
@DELREYGUY
@DELREYGUY Рік тому
I bought a Bluetooth FM transmitter direct from China and the language prompts are only available in Chinese. Can I hack the unit to speak English?
@punkpendulums
@punkpendulums Рік тому
10:33 enable HCI snoop log
@declanahern1736
@declanahern1736 2 роки тому
Hi, I am trying to deveop a system that captures heart rate data and forwards to a smart bulb as a warning i.e red = bad. I am unable to see my polar h7 device data, I am using rasbian on a raspberry pi 3. How have set up wireshark to capture tha data as you have above?
@mohammedal-shaboti7939
@mohammedal-shaboti7939 3 роки тому
Great, but you didn't mention where to find this log file, I couldn't find it. seems it need to use ADB or something else.
@Diogo154677
@Diogo154677 3 роки тому
source.android.com/devices/bluetooth/verifying_debugging#debugging-with-bug-reports
@EricSanchez-qs3bi
@EricSanchez-qs3bi 3 місяці тому
Great job 9999 % guy
@midnitekisses9559
@midnitekisses9559 Рік тому
How close do you have to be to the target device?
@punkpendulums
@punkpendulums Рік тому
05:08 how can you pretend it's 100% reliable if you never tried it and if apparently three people in the world only have already used it ?
@teclishighelf5787
@teclishighelf5787 4 роки тому
This method only sniffs packets going to your device. Its not promiscuous mode.
@sophiawilson1934
@sophiawilson1934 3 роки тому
Bluetooth in 2020?
@Parrotassassin15TechToker
@Parrotassassin15TechToker 2 роки тому
Yeah so many things use it and bluetooth is already inherently unsecure
@EricSanchez-qs3bi
@EricSanchez-qs3bi 3 місяці тому
Bingo
@EricSanchez-qs3bi
@EricSanchez-qs3bi 3 місяці тому
Or cut off a person or persons payroll
@EricSanchez-qs3bi
@EricSanchez-qs3bi 3 місяці тому
Rabel
@EricSanchez-qs3bi
@EricSanchez-qs3bi 3 місяці тому
Ring bell
@ABlackScreenASMR
@ABlackScreenASMR 3 роки тому
Who is this talk for.. 2:24 bluetooth device developers *nods* penetration testers *nods* managers *nods* me *smiles* Old man that wants in on ur moms phone calls *smiles* Fake FBI service van *Smiles*
@Parrotassassin15TechToker
@Parrotassassin15TechToker 2 роки тому
😂😂😂😂
@conforzo
@conforzo 2 роки тому
Guy who wants to sleep at 6AM but the corridor above plays horrible EDM music *cries*
@EricSanchez-qs3bi
@EricSanchez-qs3bi 3 місяці тому
Sit stat ea fee er table
@EricSanchez-qs3bi
@EricSanchez-qs3bi 3 місяці тому
Cant be a 1000 only the lord is perfect
@cvoges12
@cvoges12 4 роки тому
> I've learned everything I know about TCP/IP from wireshark We can tell
@bluegizmo1983
@bluegizmo1983 Рік тому
This really should've been called "Reverse engineering Bluetooth devices", not hacking Bluetooth! Everything talked about here requires being already paired to the devices, that's not hacking. Hacking would be doing all this WITHOUT being paired to the devices and without having physical access to the devices.
@mistermister8
@mistermister8 4 роки тому
50 minutes of your life you'll never get back.
@Parrotassassin15TechToker
@Parrotassassin15TechToker 2 роки тому
How so
Hack like Mr Robot // WiFi, Bluetooth and Scada hacking
45:23
David Bombal
Переглядів 2 млн
Top 5 Best Hacking Hardware
11:41
zSecurity
Переглядів 333 тис.
Stop This Train, Win a Lamborghini
18:53
MrBeast
Переглядів 100 млн
3 HACKING gadgets you have to TRY!!
19:34
NetworkChuck
Переглядів 1,3 млн
11 Most Dangerous Hacking Gadgets in 2023 #hacker #gadgets
10:01
BEST COOL TECH
Переглядів 551 тис.
Flipper Zero: Hottest Hacking Device?
10:01
David Bombal
Переглядів 7 млн
Access Location, Camera  & Mic of any Device 🌎🎤📍📷
15:48
zSecurity
Переглядів 1,9 млн
Top Hacking Books for 2023
27:16
David Bombal
Переглядів 343 тис.
Network Basics For Hackers (and everyone)
6:05
An0n Ali
Переглядів 44 тис.
10 ILLEGAL GADGETS YOU CAN BUY!
9:02
BEST COOL TECH
Переглядів 3,3 млн
How To Reverse Engineer A Bluetooth Device
11:53
Hacking Modern Life
Переглядів 37 тис.
Google Pixel 4 pt.2
0:59
youngfix
Переглядів 1,5 млн
Как работает транзистор
1:00
MALKONS ENGINEERING
Переглядів 859 тис.
Apple Vision Pro
0:42
Янчик
Переглядів 11 млн