You'd better secure your BLE devices or we'll kick your butts !

DEF CON 26

Presented by: Damien Cauquil (virtualabs)
Date: Saturday August 11, 2018
Time: 12:00 - 12:45
Location: Track 2

Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, but are not reliable and efficient. Even the recently released Man-in-the-Middle BLE attack tools have their limits, like their complexity and lack of features to analyze encrypted or short connections.

Furthermore, as vendors do not seem inclined to improve the security of their devices by following the best practices, we decided to create a tool to lower the ticket: BtleJack. BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks, but also implements a brand new attack dubbed "BtleJacking" that provides a way to take control of any already connected BLE device.

We will demonstrate how this attack works on various devices, how to protect them and avoid hijacking and of course release the source code of the tool.

Vendors, be warned: BLE hijacking is real and should be considered in your threat model.

Damien Cauquil

Damien is a senior security researcher who joined Digital Security in 2015 as the head of research and development. He discovered how wireless protocols can be fun to hack and quickly developed BtleJuice, one of the first Bluetooth Low Energy MitM framework. Damien presented at various security conferences including DEF CON, Hack In Paris, Chaos Communication Camp, Chaos Communication Congress, and a dozen times at Nuit du Hack, one of the oldest security conference.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats