Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool

by Slawomir Jasek
Sept. 15, 2017 | Source: www.blackhat.com | Posted by belen_caty | Category: Encryption & Authentication

The BLE specification assures secure connections through link-layer encryption, device whitelisting and bonding - mechanisms not without flaws, although that's another story we are already aware of. A surprising number of devices do not utilize these mechanisms. Using a few simple tricks, we can assure the victim will connect to our impersonator device instead of the original one, and then just proxy the traffic - without the consent of the mobile app or device. And here it finally becomes interesting - just imagine how many attacks you might be able to perform with the possibility to actively intercept the BLE communication! Based on several examples, I will demonstrate common flaws possible to exploit, including improper authentication, static passwords, not-so-random PRNGs, excessive services and bad assumptions - which allow you to take control of smart locks, disrupt a smart home, and even get a free lunch. I will also suggest best practices to mitigate the attacks.

https://www.blackhat.com/us-16/briefings.html#gattacking-bluetooth-smart-devices-introducing-a-ne...

Steven Ulm 2 months, 3 weeks ago

The rule is as simple as it gets: if you don't need Bluetooth, turn it off - no matter how, why or for how long.
