Bluetooth Hacking


Post by swtd on Tue Nov 19, 2019 6:00 am

Hey guys!

So a while back someone posted in the shoutbox asking about good resources regarding hacking bluetooth. I've never really looked into bluetooth, but I figured it couldn't be too different from WiFi (which I have spent a bunch of time messing with) so I decided to look around a bit. Turns out I was super wrong. Three thousand pages later it turns out I couldn't be more wrong. Go figure. Anyway, I delved a bit deeper and found some pretty cool historic attacks and thought it'd be neat to drop the links here and see if we could drum up some conversation. Maybe if anyone's interested we could work on mocking up and running the PoCs to see how they work and such. I dunno. Worst case someone sees something cool that they didn't know before.

- Anyway, first up is BlueBorne: a suite of attacks ranging from info disclosure and MitM to full-blown unauthenticated, connectionless, over-the-air, root RCE (on some systems. Regular RCE on others). And this is from earlier last year. Holy crap. Their technical whitepaper has tons of background info on Bluetooth and very good descriptions of the vulns themselves. A super cool read.
- Next we've got the slightly-less-exciting-yet-infinitely-more-approachable network-level attack against this garbage IoT device. Using an Ubertooth One to watch traffic between the device and their mobile device allowed them to do some nasty things. Turns out safe companies don't know how to write software. Go figure. Also worth noting: more of a hack using bluetooth than a "bluetooth hack". I still count it.
- And, finally, a rather old overview of the general landscape (at the time) from a prestigious security conference in Germany.

As a general info point, a lot of these examples were found pivoting off of MITRE's CVE database, a pretty neat tool for tracking and searching through known vulnerabilities. While it's kind of tough getting the actual exploit or technical details from the site itself, it's a good enough starting point.

So what do you guys think? Is this something any of you would be interested in pursuing? I can continue dumping links as I come across them or get a firmware blob from a listed device or... I dunno? Start working on a fuzzer for some of the internal communication structures?

Whatever the case, thanks for reading!



Re: Bluetooth Hacking

Post by Pagarekunal on Tue Dec 31, 2019 1:07 am

