Picking Bluetooth Low Energy Locks from a Quarter Mile Away

DEF CON 24

Presented by: Ben Ramsey, Anthony Rose
Date: Friday August 05, 2016
Time: 14:00 - 15:00
Location: IoT Village

Many Bluetooth Low Energy (BLE) enabled deadbolts and padlocks have hit the market recently. These devices promise convenience and security through smartphone control. We investigated sixteen of these products from multiple vendors and discovered wireless vulnerabilities in most of them. Using a $50 antenna, we successfully picked vulnerable locks from over 400 meters away. In this presentation we introduce open source tools to crack each of the vulnerable BLE locks. Furthermore, after surveying the open source Bluetooth hacking tools currently available, we find very little support for BLE. So, to make discovering and range finding to BLE devices easier, we introduce a new open source war-walking tool compatible with both Bluetooth Classic and BLE.

Anthony Rose

Anthony Rose is an electrical engineer with five years of network security experience. His prior work includes traffic and quality optimization for wireless video protocols. Currently he focuses on Bluetooth security and wireless penetration testing.

Ben Ramsey

Ben Ramsey, PhD, CISSP, has over a decade of experience in network security research. His work focuses on critical infrastructure protection and low power wireless protocols, such as ZigBee, Z-Wave, and Bluetooth Low Energy. He has published in several academic journals and has presented research at multiple conferences, including GLOBECOM, MILCOM, SenseApp, and ShmooCon.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats