Originally published on Github: Awesome Bluetooth Security (BR, EDR, LE, and Mesh)
Awesome Bluetooth Security (BR, EDR, LE, and Mesh)
This list links to useful references for anyone working with Bluetooth BR/EDR/LE or Mesh security.
Submit a PR if something is missing!
To Do
- Add list of useful research papers and whitepapers
- Add list of useful articles
- Add list of useful books
Contents
- Notable Vulnerabilities
- Conference Talks
- Bluetooth Security Tools
- Primary Reference Materials
- Useful Sites
Notable Vulnerabilities
Vulnerability name | Conference & Year published | Vulnerability website URL | Paper URL | Video URL | SIG Notice | Technology Impacted | Related CVE |
---|---|---|---|---|---|---|---|
BlueBorne | Black Hat Europe 2017 | Site | Paper | Video | No Notice | BR/EDR | CVE-2017-8628, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-1000410 |
Bleedingbit | 2018 | Site | Paper | Video | No Notice | LE | CVE-2018-7080, CVE-2018-16986 |
Fixed Coordinate Invalid Curve Attack | 2018 | Site | Paper | No Video | SIG Notice | BR/EDR/LE | CVE-2018-5383 |
SweynTooth | 2019 | Site | Paper | Video | No Notice | LE | CVE-2019-16336, CVE-2019-17060, CVE-2019-17061, CVE-2019-17517, CVE-2019-17518, CVE-2019-17519, CVE-2019-17520, CVE-2019-19192, CVE-2019-19193, CVE-2019-19194, CVE-2019-19195, CVE-2019-19196, CVE-2020-10061, CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595 |
KNOB | USENIX 2019 | Site | Paper | Video | SIG Notice | BR/EDR | CVE-2019-9506 |
BIAS | IEEE S&P 2020 | Site | Paper | Video | SIG Notice | BR/EDR | CVE-2020-10135 |
Pairing Method Confusion | 2020 | Site | Paper | No Video | SIG Notice | BR/EDR/LE | CVE-2020-10134 |
BlueFrag | 2020 | Article | No Paper | No Video | No Notice | Android | CVE-2020-0022 |
Spectra | Black Hat USA 2020 | Abstract | TBD | Video | No Notice | WiFi+BT modules | CVE-2019-15063, CVE-2020-10367, CVE-2020-10368, CVE-2020-10369, CVE-2020-10370 |
BLURtooth | 2020 | No site | No Paper | No Video | SIG Notice | BR/EDR+LE | CVE-2020-15802 |
BLESA | WOOT 2020 | Site | Paper | Video | No Notice | LE | CVE-2020-9770 |
BleedingTooth | 2020 | Site | Writeup | Video | No Notice | Linux | CVE-2020-12351, CVE-2020-12352, CVE-2020-24490 |
BlueMirror | WOOT 2021 | Site | Paper | Video | Multiple SIG Notices | BR/EDR/LE/Mesh | CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560 |
InjectaBLE | IEEE DSN 2021 | Site | Paper | No Video | SIG Notice | LE | CVE-2021-31615 |
BrakTooth | 2021 | Site | Paper | Video | No Notice | BR/EDR | CVE-2021-28135, CVE-2021-28136, CVE-2021-28139, CVE-2021-28155, CVE-2021-31717, CVE-2021-31609, CVE-2021-31611, CVE-2021-31612, CVE-2021-31613, CVE-2021-31785, CVE-2021-31786, CVE-2021-31610, CVE-2021-34143, CVE-2021-34144, CVE-2021-34145, CVE-2021-34146, CVE-2021-34147, CVE-2021-34148, CVE-2021-34149, CVE-2021-34150 |
Conference Talks
2003
- DEF CON 11 – Bruce Potter – Bluetooth – The Future of Wardriving Video
2004
- 21C3 – Marcel Holtmann, Martin Herfurt, Adam Laurie – Bluetooth Hacking Video
- Black Hat USA 2004 – Adam Laurie, Martin Herfurt – BlueSnarfing The Risk From Digital Pickpockets Video
2005
- 22C3 – Marcel Holtmann, Martin Herfurt, Adam Laurie – Bluetooth Hacking – The State of The Art Video
2006
- 23C3 – Thierry Zoller, Kevin Finistere – Bluetooth Hacking Revisited Video
- Black Hat USA 2006 – Bruce Potter – Bluetooth Defense Kit Black Hat Video
2007
- DeepSec 2007 – Marcel Holtmann – New Security Model of Bluetooth 2.1 Video
2009
- DEF CON 17 – Dominic Spill, Michael Ossmann, and Mark Steward – Bluetooth Smells like Chicken Video
- Shmoocon 2009 – Bluetooth-Ossman.m4v Video
2010
- Shmoocon 2010 – Michael Ossmann – Bluetooth Keyboards: Who Owns Your Keystrokes? Video
- DEF CON 18: Breaking Bluetooth by Being Bored 1/3 Video
2011
- ShmooCon 2011 – Project Ubertooth: Building a Better Bluetooth Adapter Video
- DeepSec 2011 – Tommi Makila & Jukka Taimisto: Intelligent Bluetooth Fuzzing – Why bother? Video
2012
- Ruxcon 2012 – Dominic Spill – Bluetooth Packet Sniffing Using Project Ubertooth Video
- Toorcon 2012 – Hacking Bluetooth Low Energy: I Am Jack’s Heart Monitor Video
- DEF CON 20 – Passive Bluetooth Monitoring in Scapy Video
2013
- USENIX WOOT 2013 – Mike Ryan – Bluetooth: With Low Energy Comes Low Security Video
- ShmooCon 9 – How Smart Is Bluetooth Smart? Video
- Black Hat USA 2013 – Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix! Video
- DeepSec 2013 – Veronica Valeros & Sebastian Garcia: Uncovering your Trails – Privacy Issues of Bluetooth Devices Video
2014
- CanSecWest 2014 – Outsmarting Bluetooth Smart Video
- DEF CON 22 – The NSA Playset Bluetooth Smart Attack Tools Video
- DEF CON 22 – Grant Bugher – Detecting Bluetooth Surveillance Systems Video
2015
- DEF CON 23 – Mike Ryan and Richo Healey – Hacking Electric Skateboards Video
2016
- DEF CON 24 – Anthony Rose, Ben Ramsey – Picking Bluetooth Low Energy Locks a Quarter Mile Away Video
- DEF CON 24 – Realtime Bluetooth Device Detection with Blue Hydra Video
- DEF CON 24 Internet of Things Village – Damien Cauquil – BtleJuice: The Bluetooth Smart MitM Framework Video
- Black Hat USA 2016 – Gattacking Bluetooth Smart Devices – Introducing a New BLE Proxy Tool Video
- Hack.lu 2016 – Damien Cauquil – BtleJuice: the Bluetooth Smart Man In The Middle Framework Video
- EMF16 – Michael Ossmann – My Ubertooth Year Video
2017
- Black Hat Europe 2017 – Ben Seri, Gregory Vishnepolsky – BlueBorne – A New Class of Airborne Attacks Video
2018
- DEF CON 26 – Damien Cauquil – You had better secure your BLE devices Video
- 35C3 – Dennis Mantz and Jiska Classen – Dissecting Broadcom Bluetooth Video
- MRMCD2018 – Dennis Mantz and Jiska Classen – A Deep Dive into Bluetooth Controller Firmware Video
- Black Hat Europe 2018 – Ben Seri, Dor Zusman – BLEEDINGBIT Your APs Belong to Us Video
2019
- DEF CON 27 – Damien Cauquil – Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming Video
- USENIX Security ’19 – Pallavi Sivakumaran – A Study of the Feasibility of Co-located App Attacks against BLE Video
- RSA 2019 – Mike Ryan – Bluetooth Reverse Engineering: Tools and Techniques Video
- Hardwear.io USA 2019 – Mike Ryan – Bluetooth Hacking: Tools And Techniques Video
- Hardwear.io Netherlands 2019 – Sultan Qasim Khan – Sniffle: A low-cost sniffer for Bluetooth 5 Video
- MRMCD2019 – Dennis Mantz and Jiska Classen – Playing with Bluetooth Video
- BruCON 0x0B – Damien Cauquil – Defeating Bluetooth Low Energy 5 PRNG for fun and jamming Video
- Hack.LU 2019 – Damien Cauquil – Defeating Bluetooth Low Energy 5 PRNG For Fun And Jamming Video
- CyberCamp19 – Pablo González – Audit and hacking to Bluetooth Low-Energy (BLE) devices Video
2020
- Hardwear.io Virtual Con 2020 – Daniele Antonioli – From Bluetooth Standard to Standard Compliant 0-days Video
- DEF CON 28 – Jiska Classen and Francesco Gringoli – Spectra — New Wireless Escalation Targets Video
- DEF CON 28 – Maxine Filcher – The Basics Of Breaking BLE v3 Video
- USENIX WOOT 2020 – Jianliang Wu – BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy Video
- USENIX WOOT 2020 – Dennis Heinze, Jiska Classen, Matthias Hollick – ToothPicker: Apple Picking in the iOS Bluetooth Stack Video
- USENIX 2020 – Yue Zhang – Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks Video
- Black Hat Europe 2020 – Wang Yu – Please Make a Dentist Appointment ASAP: Attacking IOBluetoothFamily HCI and Vendor-Specific Commands Video
- Ekoparty 2020 – Cecilia Pastorino and Dan Borgogno – Bluetooth Low Energy Hacking 101 Video
- rC3 2020 – Jiska Classen – Exposure Notification Security Video
2021
- CCC #DiVOC2020 – Jiska Classen – Finding Eastereggs in Broadcom’s Bluetooth Random Number Generator Video
- CCC #DiVOC2020 – Jan Ruge – No PoC? No Fix! – A sad Story about Bluetooth Security Video
- WOOT2021 – Tristan Claverie, José Lopes Esteves – BlueMirror: Reflections on Bluetooth Pairing and Provisioning Protocols Video
- Hardwear.io NL 2021 – Tristan Claverie, José Lopes Esteves – BlueMirror: Defeating Authentication In Bluetooth Protocols Video
Bluetooth Security Tools
Linux Utilities & Tools
- BlueZ (l2ping, gatttool, hciconfig, hcidump, hcitool, sdptool, bccmd, bluetoothctl, etc.) Link
Scanners & Sniffers
- BTLEmap Github
- Sniffle Github
- Bettercap Github
- sparrow-wifi Github
- bluelog Github
- btsniffer Github
- Blue Hydra Github
- btlesniffer Github
- btscanner Link
- BT Audit Link
- redfang Gitlab
- bleah (deprecated, replaced by Bettercap) Github
Exploit Tools
- Btlejack Github
- crackle Github
- btcrack Github
- BLE-Replay Github
- BLESuite-CLI Github
- BlueMaho Gitlab
- BlueDiving Sourceforge
- Blooover Link
- l2ping (BlueSmack DoS) Link
- hidattack Link
OBEX Attack Tools
Fuzzing
Firmware Analysis
Man-in-the-middle & Packet Injection
Device Spoofing
Ping & Signal Strength Tools
Denial of Service
- Blue Deauth Github
Honeypot
- bluepot Github
Android Apps
- nRF Connect for Mobile Google Play
Hardware
- Nordic Semiconductor nRF-51 Development Kit Link
- Sena UD-100 (~$39) Link
- Ubertooth One (~$120) Link
- Ellisys Bluetooth Tools Link
- Frontline Bluetooth Tools Link
Other
- Wireshark: Protocol analyzer and packet capture Link
- Frontline Wireless Protocol Suite (Windows only) Link
- Uberducky (BLE-triggered rubber ducky) Github
- CarWhisperer: Bluetooth sniffer for in-vehicle connections Link
- BLEBoy: BLE testing platform Github
Primary Reference Materials
Bluetooth Core Specifications Link
NIST Special Publication (SP) 800-121 revision 2 Link
Useful Sites
- List of Bluetooth bugs Link
- Bluetooth arsenal tool list Github
- trifinite Bluetooth info Link
- Mike Ryan’s Bluetooth info Link
- Collin Mulliner’s Bluetooth info Link
- BlackArch Linux tool list Link
- Bluetooth pen test framework Link