Bluetooth Hacking: A Practical Introduction

Bluetooth is ubiquitous across mobile devices, automotive systems, IoT devices, and really any device you can think of (including Lego!). Despite its widespread adoption, it is often overlooked as a possible attack vector and not properly assessed during the development phase of a product. While the Bluetooth protocol specification has its own weaknesses, in practice security issues more often stem from specific design choices and stack configurations, making it essential to cover both aspects.

This hands-on workshop provides an introduction to Bluetooth hacking from a security researcher’s perspective. Participants will gain an understanding of the Bluetooth protocol stack, including the physical layer, link management, and higher-level protocols such as L2CAP, RFCOMM, and GATT. The goal is to equip the participants with the necessary skills, knowledge, and tools to get started with their own Bluetooth security research.

The workshop covers device discovery and enumeration for both Bluetooth Classic and Low Energy, pairing and authentication mechanisms, and the exploitation of common vulnerabilities in the pairing process. Participants will learn traffic capture techniques, protocol testing methodologies for custom GATT and RFCOMM services, and address spoofing attacks. The workshop also contains practical exercises involving the analysis and exploitation of a real Bluetooth-enabled device.

No prior Bluetooth expertise is required. Participants should be comfortable with the Linux command line and ideally have some basic Python scripting skills. By the end of the workshop, attendees will have acquired skills for Bluetooth security assessments and practical experience with Bluetooth devices and tooling.


About the Speakers