During the upcoming HITB Cyberweek 2020 two-hour virtual hands-on lab “Introduction to Bluetooth Low Energy security”, a new BLE HackMe will be introduced. It is an educational application that simulates various BLE devices to interact with, running on a standard Windows 10 computer (no special hardware required). In a series of tasks to solve, you will get familiar with BLE advertisements, beacons and connections, take control of a BLE smart bulb, reverse-engineer the communication protocol, brute-force passwords, and hack a real smart lock. An Android phone, which will connect to the simulated device, is recommended for solving the tasks.
Bluetooth Low Energy is one of the most widespread and rapidly growing IoT technologies. An average person may encounter hundreds of different BLE devices during the day. Unfortunately, the vast majority of these are affected by various security issues. Alarming vulnerabilities, not only in BLE toothbrushes or dildos but also in smart locks, medical devices and banking tokens, are revealed on a daily basis. And yet, the knowledge of how to comprehensively assess them seems uncommon.
In this lab you will get familiar with the very basics of BLE and its (in)security. You will nevertheless leave surprised at how many devices it is possible to “hack” using such simple techniques. Following a short introduction, we will dive straight into hands-on practical exercises. How is that possible: a wireless hardware security lab delivered as a virtual session? The secret recipe lies in specially designed software which, on the radio layer, works exactly like a real BLE device. Hence no special hardware is required: you will only need a typical Windows 10 laptop and a (preferably Android) phone. Using the simulated device, you will grasp the BLE basics, which you can then easily apply to real devices.
The lab will cover among others:
- BLE theory introduction
- BLE broadcast advertisements
- packet format, understanding raw bytes
- iPhone BLE broadcast packets leaking phone number
- covid-19 “exposure notification” (contact tracing)
- spoofing devices
- BLE connections
- GATT services and characteristics
- wait, is there a pairing or not?
- how to “hack” the simplest devices using just a phone (BLE dildo demo)
- is it really so easy to hack smart locks?
- What next? Want to learn more? References, links, …
In order to participate hands-on you will need:
- Windows 10 computer with Bluetooth - any recent laptop should do. Sorry, it will not work in a virtual machine. You will download the HackMe software from the Microsoft Store.
- Android phone with a free mobile application - we will use nRF Connect. There is also an iOS version of the application, but unfortunately iOS has limited low-level BLE features and you won’t be able to solve all the tasks.
- Instead of an Android phone, it is also possible to use other tools (for example running on Linux or Mac), but you are on your own.
Check Twitter for free access registration promo codes!
Slides from the lab: