An introduction to the Bluetooth communications protocols, exploring the way that they differ from other wireless technologies, how they can be monitored, interfered with and the security implications of using them. Students will learn how Bluetooth devices hide from and discover one another, establish a connection and communicate. We will then look at how we may exploit this process and the best practices for securing devices. Each student will receive an Ubertooth One, USB Bluetooth dongle and a Bluetooth device to experiment with.
This course is aimed at penetration testers wishing to explore low-power wireless devices, IoT developers who want to learn how to build more secure Bluetooth devices and hackers with an interest in alternative wireless protocols.
Students require high level knowledge of network protocols. No programming ability is required.
Students should bring a laptop either running Linux or capable of booting from USB.
Students will be provided with an Ubertooth One, a Bluetooth adapter a target device.
Mike Ryan has been researching Bluetooth and Bluetooth Smart (BLE) since 2012. He designed and built Ubertooth's BLE sniffing code, crackle (a tool that breaks BLE's key exchange), and PyBT (a hackable Bluetooth stack in Python). He is also responsible for CVE-2014-4428, a weakness in the Bluetooth stacks of iOS, OS X, and Apple TV. Along with Richo Healey he is a co-owner of CVE-2015-2247, a Bluetooth vulnerability in Boosted electric skateboards. Formerly with iSEC Partners, Mike currently leads eBay's Red Team.
Dominic Spill is senior security researcher for Great Scott Gadgets. The US government recently labelled him as "extraordinary". This has gone to his head.