DEF CON 26 — Damien virtualabs Cauquil — You had better secure your BLE devices

Дата: 22.10.2018. Автор: CISO CLUB. Категории: Подкасты и видео по информационной безопасности

Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, but are not reliable and efficient. Even the recently released Man-in-the-Middle BLE attack tools have their limits, like their complexity and lack of features to analyze encrypted or short connections.

Furthermore, as vendors do not seem inclined to improve the security of their devices by following the best practices, we decided to create a tool to lower the ticket: BtleJack. BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks, but also implements a brand new attack dubbed «BtleJacking» that provides a way to take control of any already connected BLE device.

We will demonstrate how this attack works on various devices, how to protect them and avoid hijacking and of course release the source code of the tool.

Vendors, be warned: BLE hijacking is real and should be considered in your threat model.

CISO CLUB

Об авторе CISO CLUB

Редакция портала cisoclub.ru. Добавляйте ваш материал на сайт в разделе "Разместить публикацию".
Читать все записи автора CISO CLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *