DEF CON 26 - Damien virtualabs Cauquil - You had better secure your BLE devices

День тому

Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, but are not reliable and efficient. Even the recently released Man-in-the-Middle BLE attack tools have their limits, like their complexity and lack of features to analyze encrypted or short connections.
Furthermore, as vendors do not seem inclined to improve the security of their devices by following the best practices, we decided to create a tool to lower the ticket: BtleJack. BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks, but also implements a brand new attack dubbed "BtleJacking" that provides a way to take control of any already connected BLE device.
We will demonstrate how this attack works on various devices, how to protect them and avoid hijacking and of course release the source code of the tool.
Vendors, be warned: BLE hijacking is real and should be considered in your threat model.

КОМЕНТАРІ: 13

@z-h-d 4 роки тому

Amazing amount of study and work performed by one person! Very inspiring indeed!

@mkesenheimer Рік тому

Thank you vor the very interesting talk. I learned a lot! I ordered three micro:bits last week and I am eagerly hoping to try out this project as soon as possible. Keep up the good work. I am looking forward to your next great project.

@simonstergaard 5 років тому

Extreemly interesting.

@rayfelch3554 3 роки тому

Thank you Damien!

@thiemseb 4 роки тому

In the video is shown a picture of 4 stacked microbits with help of a board. Where can I buy such board?

@1roadrage1 3 роки тому

This is a comment.

@djddit5045 4 роки тому

can someone get him some help please his outta breath from just talking i dont want to hear he suffered a heart attack

@098765432qwertyuiop 4 роки тому

It's harder when you are a bit shy and speak a foreign language. Content is more interesting than form.

@EM-ps4kr 4 роки тому

So he can‘t give a talk if he has asthma or copd or some other problem? #empathy Also, perhaps you should do some traveling to learn that the universe does not revolve around English and this is how people talk in various countries.

@WoahthereIan 2 роки тому

If you watch his previous years talk, you can tell he's been practicing and is getting better. Technical jargon in a second language is difficult