Explore the vulnerabilities in Bluetooth Low Energy version 5's new channel hopping algorithm in this 45-minute conference talk from BruCON Security Conference. Discover how the pseudo-random number generator (PRNG) introduced to improve collision avoidance can be exploited for sniffing and jamming communications between BLE 5 devices. Learn about the weaknesses in the PRNG and how it can be defeated, rendering previous sniffing tools effective once again. Gain insights into the release of an updated version of BtleJack, providing IoT hackers with an efficient method to sniff BLE 5 connections. Delve into the technical aspects of breaking the PRNG and understand the implications for security in Bluetooth Low Energy 5 devices.
Overview
Syllabus
10 - BruCON 0x0B - Defeating Bluetooth Low Energy 5 PRNG for fun and jamming - Damien Cauquil
Taught by
BruCON Security Conference