BlackHat USA 2025 training

Bluetooth Low Energy Hacking Masterclass

Las Vegas

BlackHat USA 2025 Conference

This intensive two-day training provides a deep dive into Bluetooth Low Energy security, equipping cybersecurity professionals with advanced skills to identify, analyze, and exploit vulnerabilities in BLE devices.

The session begins with the foundational exploration on how this technology works by interacting with your dedicated, included device: understanding BLE broadcasting (advertising device presence, trackers, beacons) and connections (services, characteristics, GATT reading/writing/notifications). You will quickly turn on your simulated “lightbulb” and surprisingly - you will already be able to take control over so many devices that do not implement any security mechanisms at all. With this essential cornerstone in place, we will proceed with passively intercepting the BLE communication - using radio layer sniffers (nRF Sniffer, SniffLE) into Wireshark. We will also introduce an option that might even be better in many situations: dumping the Bluetooth packets directly on the phone. After sniffing communication of your own sample device, you will have opportunity to capture among others a plain text password of an example smart lock and OTP indication of a “secure” banking token.

We will follow with more complex topics: setting up wireless remote relay/machine-in-the-middle scenario using Raspberry Pi, identifying and cracking insecure pairing configurations, and analyzing BLE proprietary communication protocols. With this arsenal of attacks mastered, you will confidently proceed to conduct your first security assessment of a BLE device: a car (simulated in your individual devkit). You will intercept communication, analyze the packets, attempt to replay, identify weaknesses in encryption, reverse-engineer and attack vendor-specific command protocol. Once you succeed with this task, you can optionally followup with the next level assessment: a “perfect security” smart lock!

Accompanying topics will cover also among others introduction to Bluetooth 5 and 6, Bluetooth Mesh, overview of BLE related vulnerabilities (from protocol specification to implementations), jamming using $5 ESP32, injecting and hijacking existing connections, firmware over the air, and device development/flashing (including adjusting our dedicated training firmware).

If you haven’t reached Bluetooth overload by this point, the additional homework options will help you refine and expand your skills using the provided, included hardware kit and detailed step-by-step instructions.

Key takeaways

  • Solid understanding of Bluetooth Low Energy, possible attacks, current tools, associated risks.
  • Ability to perform security assessment of a typical BLE device.
  • Ready to use lab setup, allowing not only to revisit all hands-on exercises after the session, but also apply the skills directly to real devices.

Who should take this course

  • Pentesters, security professionals, red teamers, researchers.
  • BLE device designers, developers.
  • Anyone interested in BLE security.

Audience skill level

Beginner/intermediate

Student requirements

  • No prior Bluetooth knowledge needed.
  • Basic familiarity with Linux command line, python scripting, pentesting experience (mobile app security, Wireshark, …) will be an advantage, but are not required.

What students should bring

  • Laptop (Windows, Linux or MacOS x86-64 or Arm Apple Silicon) capable of running virtual machine, 40GB disk space, 2x USB type A port (or USB hub). Administrative privileges may be required to allow connecting external USB devices to VM (some corporate laptops may have this feature disabled).
  • Smartphone, preferably Android (not necessarily new, up to ~8 years old). We will install a free application. Several phones will be available for students during the session.

What students will be provided with

  • Course materials in PDFs (over 1000 pages)
  • All required additional files: source code, documentation, installation binaries, virtual machine images
  • Take-away hardware pack of about 150$ value for hands-on exercises, consisting of sample BLE device and attack tools:
    • Raspberry Pi with BLE tools
    • nRF52 devkit (nRF sniffer, sample BLE device)
    • TI CC2652 sniffer (SniffLE)
    • ESP32 with training firmware (sample BLE device)
    • Bluetooth Low Energy USB dongles

Register here:

https://www.blackhat.com/us-25/training/schedule/#bluetooth-low-energy-hacking-masterclass-44393

comments powered by Disqus