During upcoming HackInParis 2019 I will present a series of introductory workshops about security of NFC Mifare Classic and Bluetooth Low Energy. The workshops are short (45min each session), but packed with practical knowledge and hopefully entertaining - performed on a real access control installation, hotel lock and BLE smart locks. Most hands-on exercises will be possible to complete using just a phone, and easy to follow.
Bluetooth Low Energy (Smart, 4) is recently gaining more and more traction as one of the most common and rapidly growing IoT technologies. Unfortunatelly the prevalence of technology does not come with security. Alarming vulnerabilities in BLE smart locks, medical devices and banking tokens are revealed day by day. And yet, the knowledge on how to comprehensively assess them seems very uncommon. In this workshop you will get familiar with the basics of BLE security.
In this workshop you will get familiar with the basics of BLE security. We will work on a dedicated, readily available BLE hardware nRF devkit device. In a minutes you will turn into embedded developer and learn how to program your own BLE device yourself, using a free web interface and ready templates. Next, from attacker’s perspective, we will cover among others: sniffing, spoofing, MITM, replay and relay. Having enough time, we will play with a collection of vulneraBLE smart locks, sex toys and other devices.