Skip to content

Robertrabbit/awesome-bluetooth-security

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
 
 
 
 
 
 

Repository files navigation

Awesome Bluetooth Security (BR, EDR, LE, and Mesh)

Awesome

This list links to useful references for anyone working with Bluetooth BR/EDR/LE or Mesh security.

Submit a PR if something is missing!

To Do

  • Add list of useful research papers and whitepapers
  • Add list of useful articles
  • Add list of useful books

Contents


Notable Vulnerabilities

Vulnerability name Conference & Year published Vulnerability website URL Paper URL Video URL SIG Notice Technology Impacted Related CVE
BlueBorne Black Hat Europe 2017 Site Paper Video No Notice BR/EDR CVE-2017-8628, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-14315, CVE-2017-1000410
Bleedingbit 2018 Site Paper Video No Notice LE CVE-2018-7080, CVE-2018-16986
Fixed Coordinate Invalid Curve Attack 2018 Site Paper Video SIG Notice BR/EDR/LE CVE-2018-5383
SweynTooth 2019 Site Paper Video No Notice LE CVE-2019-16336, CVE-2019-17060, CVE-2019-17061, CVE-2019-17517, CVE-2019-17518, CVE-2019-17519, CVE-2019-17520, CVE-2019-19192, CVE-2019-19193, CVE-2019-19194, CVE-2019-19195, CVE-2019-19196, CVE-2020-10061, CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595
KNOB USENIX 2019 Site Paper Video SIG Notice BR/EDR CVE-2019-9506
BIAS IEEE S&P 2020 Site Paper Video SIG Notice BR/EDR CVE-2020-10135
Pairing Method Confusion 2020 Site Paper No Video SIG Notice BR/EDR/LE CVE-2020-10134
BlueFrag 2020 Article No Paper No Video No Notice Android CVE-2020-0022
Spectra Black Hat USA 2020 Abstract TBD Video No Notice WiFi+BT modules CVE-2019-15063, CVE-2020-10367, CVE-2020-10368, CVE-2020-10369, CVE-2020-10370
BLURtooth 2020 Site Paper Video SIG Notice BR/EDR+LE CVE-2020-15802, CVE-2022-20361
BLESA WOOT 2020 Site Paper Video No Notice LE CVE-2020-9770
BleedingTooth 2020 Site Writeup Video No Notice Linux CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
BlueMirror WOOT 2021 Site Paper Video Multiple SIG Notices BR/EDR/LE/Mesh CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560
InjectaBLE IEEE DSN 2021 Site Paper No Video SIG Notice LE CVE-2021-31615
BrakTooth 2021 Site Paper Video No Notice BR/EDR CVE-2021-28135, CVE-2021-28136, CVE-2021-28139, CVE-2021-28155, CVE-2021-31717, CVE-2021-31609, CVE-2021-31611, CVE-2021-31612, CVE-2021-31613, CVE-2021-31785, CVE-2021-31786, CVE-2021-31610, CVE-2021-34143, CVE-2021-34144, CVE-2021-34145, CVE-2021-34146, CVE-2021-34147, CVE-2021-34148, CVE-2021-34149, CVE-2021-34150
Pairing Mode Confusion 2022 No Site No Paper No Video SIG Notice LE CVE-2022-25836
Pairing Mode Confusion 2022 No Site No Paper No Video SIG Notice BR/EDR CVE-2022-25837
BLUFFS 2023 Site Paper No Video SIG Notice BR/EDR CVE-2023-24023

Conference Talks

2003

  • DEF CON 11 - Bruce Potter - Bluetooth - The Future of Wardriving Video

2004

  • 21C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking Video
  • Black Hat USA 2004 - Adam Laurie, Martin Herfurt - BlueSnarfing The Risk From Digital Pickpockets Video

2005

  • 22C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking - The State of The Art Video

2006

  • 23C3 - Thierry Zoller, Kevin Finistere - Bluetooth Hacking Revisited Video
  • Black Hat USA 2006 - Bruce Potter - Bluetooth Defense Kit Black Hat Video

2007

  • DeepSec 2007 - Marcel Holtmann - New Security Model of Bluetooth 2.1 Video

2009

  • DEF CON 17 - Dominic Spill, Michael Ossmann, and Mark Steward - Bluetooth Smells like Chicken Video
  • Shmoocon 2009 - Bluetooth-Ossman.m4v Video

2010

  • Shmoocon 2010 - Michael Ossmann - Bluetooth Keyboards: Who Owns Your Keystrokes? Video
  • DEF CON 18: Breaking Bluetooth by Being Bored 1/3 Video

2011

  • ShmooCon 2011 - Project Ubertooth: Building a Better Bluetooth Adapter Video
  • DeepSec 2011 - Tommi Makila & Jukka Taimisto: Intelligent Bluetooth Fuzzing - Why bother? Video

2012

  • Ruxcon 2012 - Dominic Spill - Bluetooth Packet Sniffing Using Project Ubertooth Video
  • Toorcon 2012 - Hacking Bluetooth Low Energy: I Am Jack's Heart Monitor Video
  • DEF CON 20 - Passive Bluetooth Monitoring in Scapy Video

2013

  • USENIX WOOT 2013 - Mike Ryan - Bluetooth: With Low Energy Comes Low Security Video
  • ShmooCon 9 - How Smart Is Bluetooth Smart? Video
  • Black Hat USA 2013 - Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix! Video
  • DeepSec 2013 - Veronica Valeros & Sebastian Garcia: Uncovering your Trails - Privacy Issues of Bluetooth Devices Video

2014

  • CanSecWest 2014 - Outsmarting Bluetooth Smart Video
  • DEF CON 22 - The NSA Playset Bluetooth Smart Attack Tools Video
  • DEF CON 22 - Grant Bugher - Detecting Bluetooth Surveillance Systems Video

2015

  • DEF CON 23 - Mike Ryan and Richo Healey - Hacking Electric Skateboards Video

2016

  • DEF CON 24 - Anthony Rose, Ben Ramsey - Picking Bluetooth Low Energy Locks a Quarter Mile Away Video
  • DEF CON 24 - Realtime Bluetooth Device Detection with Blue Hydra Video
  • DEF CON 24 Internet of Things Village Damien Cauquil Btlejuice The Bluetooth Smart Mitm Framework Video
  • Black Hat USA 2016 - Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool Video
  • Hack.lu 2016 - Damiel Cauquil - BtleJuice: the Bluetooth Smart Man In The Middle Framework Video
  • EMF16 - Michael Ossmann - My Ubertooth Year Video

2017

  • Black Hat Europe 2017 - Ben Seri, Gregory Vishnepolsky - BlueBorne - A New Class of Airborne Attacks Video

2018

  • DEF CON 26 - Damien Cauquil - You had better secure your BLE devices Video
  • 35C3 - Dennis Mantz and Jiska Classen - Dissecting Broadcom Bluetooth Video
  • MRMCD2018 - Dennis Mantz and Jiska Classen - A Deep Dive into Bluetooth Controller Firmware Video
  • Black Hat Europe 2018 - Ben Seri, Dor Zusman - BLEEDINGBIT Your APs Belong to Us Video

2019

  • DEF CON 27 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming Video
  • USENIX Security '19 - Pallavi Sivakumaran - A Study of the Feasibility of Co-located App Attacks against BLE Video
  • RSA 2019 - Mike Ryan - Bluetooth Reverse Engineering: Tools and Techniques Video
  • Hardwear.io USA 2019 - Mike Ryan - Bluetooth Hacking: Tools And Techniques Video
  • Hardwear.io Netherlands 2019 - Sultan Qasim Khan - Sniffle: A low-cost sniffer for Bluetooth 5 Video
  • MRMCD2019 - Dennis Mantz and Jiska Classen - Playing with Bluetooth Video
  • BruCON 0x0B - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for fun and jamming Video
  • Hack.LU 2019 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG For Fun And Jamming Video
  • CyberCamp19 - Pablo González - Audit and hacking to Bluetooth Low-Energy (BLE) devices Video

2020

  • Hardwear.io Virtual Con 2020 - Daniele Antonioli - From Bluetooth Standard to Standard Compliant 0-days Video
  • DEF CON 28 - Jiska Classen and Francesco Gringoli - Spectra — New Wireless Escalation Targets Video
  • DEF CON 28 - Maxine Filcher - The Basics Of Breaking BLE v3 Video
  • USENIX WOOT 2020 - Jianliang Wu - BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy Video
  • USENIX WOOT 2020 - Dennis Heinze, Jiska Classen, Matthias Hollick - ToothPicker: Apple Picking in the iOS Bluetooth Stack Video
  • USENIX 2020 - Yue Zhang - Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks Video
  • Black Hat Europe 2020 - Wang Yu - Please Make a Dentist Appointment ASAP: Attacking IOBluetoothFamily HCI and Vendor-Specific Commands Video
  • Ekoparty 2020 - Cecilia Pastorino and Dan Borgogno - Bluetooth Low Energy Hacking 101 Video
  • rC3 2020 - Jiska Classen - Exposure Notification Security Video

2021

  • CCC #DiVOC2020 - Jiska Classen - Finding Eastereggs in Broadcom's Bluetooth Random Number Generator Video
  • CCC #DiVOC2020 - Jan Ruge - No PoC? No Fix! - A sad Story about Bluetooth Security Video
  • WOOT2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Reflections on Bluetooth Pairing and Provisioning Protocols Video
  • Hardwear.io NL 2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Defeating Authentication In Bluetooth Protocols Video

Bluetooth Security Tools

Linux Utilities & Tools

  • BlueZ (l2ping, gatttool, hciconfig, hcidump, hcitool, sdptool, bccmd, bluetoothctl, etc.) Link

Scanners & Sniffers

Exploit Tools

OBEX Attack Tools

Fuzzing

Firmware Analysis

Man-in-the-middle & Packet Injection

Device Spoofing

Ping & Signal Strength Tools

Denial of Service

Honeypot

Android Apps

Hardware

  • Nordic Semiconductor nRF-51 Development Kit Link
  • Sena UD-100 (~$39) Link
  • Ubertooth One (~$120) Link
  • Ellisys Bluetooth Tools Link
  • Frontline Bluetooth Tools Link

Other

  • Wireshark: Protocol analyzer and packet capture Link
  • Frontline Wireless Protocol Suite (Windows only) Link
  • Uberducky (BLE-triggered rubber ducky) Github
  • CarWhisperer: Bluetooth sniffer for in-vehicle connections Link
  • BLEBoy: BLE testing platform Github

Primary Reference Materials

Bluetooth Core Specifications Link

NIST Special Publication (SP) 800-121 revision 2 Link


Useful Sites

  • List of Bluetooth bugs Link
  • Bluetooth arsenal tool list Github
  • trifinite Bluetooth info Link
  • Mike Ryan's Bluetooth info Link
  • Colin Mulliner's Bluetooth info Link
  • BlackArch Linux tool list Link
  • Bluetooth pen test framework Link

About

List of Bluetooth BR/EDR/LE security resources

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published