The number of Bluetooth Low Energy (BLE) capable devices on the market is steadily increasing. Despite repeatedly published vulnerabilities in the protocol and in specific devices, the standard remains highly popular. Scrutinizing the security of BLE-enabled devices requires no expensive test hardware, but the complexity of the protocol is a hurdle for beginners. To lower that hurdle, the talk first gives a general introduction to the technology together with an overview of current attack scenarios and tools. The practical part then introduces the Mirage framework and walks through the development of a test scenario. Finally, the exploit developed in that scenario is demonstrated.
After successfully completing my Master of Science in IT Security at the Ruhr-Universität Bochum, I started working as a penetration tester at NSIDE Attack Logic in Munich. Since I wrote my master’s thesis on automating security analysis of Bluetooth Low Energy enabled IoT devices, my main focus is on the IoT area. Having experienced first-hand how complex the Bluetooth Low Energy protocol can be for beginners, I wanted to share some of my experiences.