Bluetooth Low Energy is one of the most exploding IoT technologies. BLE devices surround us more and more - not only as wearables, toothbrushes and sex toys, but also smart locks, medical devices and banking tokens. Alarming vulnerabilities of these devices have been exposed multiple times recently. And yet, the knowledge on how to comprehesively assess their security seems very uncommon. Not to mention best practices guidelines, which are practically absent.
There is no doubt electronic locks are among the most profitable smart devices to attack. And yet recent disclosures of multiple vulnerabilities clearly show there are not enough specialists able to help with software-related issues of so-far mostly hardware vendors. This course is intended to fill this skills gap. Based on hands-on exercises with real devices (a dozen various smart locks), attendees will learn how to analyze their security and design them properly.
Learn how to assess and secure IoT devices by having fun with hacking a dozen of devices among most profitable to attack - smart locks. The agenda will include: wireless sniffing, spoofing, cloning, replay, DoS, authentication and command-injection attacks, analyzing proprietary network protocols, breaking “Latest PKI technology”, abusing excessive services… The software-focused activities will be mixed with short entertaining tricks like opening lock by a strong magnet, counterfeiting fingerprints in biometric sensor or opening voice-controlled lock by hacking nearby speaking toys.