Bluetooth Low Energy

BLE hardware-less hackme

Bluetooth Low Energy hardware-less hackme

Sławomir Jasek

5 minute read

Bluetooth Low Energy hardware-less HackMe is a free tool that aims to help getting familiar with the very basics of ubiquitous Bluetooth Low Energy technology and its (in)security - without the need of any dedicated hardware, nor sophisticated prior knowledge. It is based on a specially designed software (running on a typical Windows 10 laptop) - which simulates various BLE devices, on the radio layer working exactly the same as real ones. Hands-on challenges of increasing level - starting with simple introduction up to unlocking smart locks - allow for practical experience, the best possible way to learn.

Sławomir Jasek

20 minute read

Behold The Smart Lock! In case anyone would doubt its smartness, it is literally imprinted. Fitted with an enormously loud speaker - advertised as a feature to raise a solid anti-thief alarm. Using the same speaker for a normal unlock notification, thus enforcing you to cover your ears while opening, was not the smartest idea though. Security? Smart my shiny metal (…)!

Enough smart for the introduction. Give me the meat! TLDR exploit.

Sławomir Jasek

12 minute read

Okidokeys does not work any more

One of my smart locks, Okidokeys, unexpectedly just turned into a brick, and this time for a change I had nothing to do with it ;) The mobile application barked at me: “Login request has failed. Please try again”. And the more I tried again, the more the login request failed. I finally discovered the vendor’s application server was shut down. And suddenly recalled shutting down their official website, Twitter and Facebook accounts a while before, but did not consider it important back then. Now as it turns out, also the phone number and e-mail server is dead. Following a quick investigation I found out they have been acquired in the meantime. By translating French forum I also realized some locks are undergoing a migration procedure to a new system, and the users are supposedly being notified. I did not get any notification - maybe because based on the serial number my lock was apparently destined for ‘American market’. That market was not covered by the acquisition, and therefore my device is not eligible for migration, as many others also just found out. I guess we can’t count on support any more. I wonder how many of the > 5000 customers (approximation based only on Android mobile application installs) have the same problem. And as of today there is still plenty of offers on US Amazon and Ebay.