Overview
Explore the NSA Playset Bluetooth Smart Attack Tools in this 45-minute conference talk from Defcon Wireless Village 2014. Dive into the capabilities of Ubertooth, Crackle, and Bluez, and examine existing and implied Bluetooth capabilities. Learn about HID encryption, the HID device lifecycle, and various attack techniques including sniffing pairing, OS exploitation, and unpairing. Discover the ingredients needed for Bluetooth attacks, such as HCI and HCI_USER_SOCKET, and how to use Scapy for putting it all together. Gain insights into the ANT Catalog's Bluetooth capabilities and explore potential targets like keyboards and mice.
Syllabus
Intro
NSA Playset: Bluetooth Smart
Standard Note
The NSA Playset
Capabilities: Ubertooth
Capabilities: Crackle
Capabilities: Bluez
Existing Capabilities
ANT Catalog: Bluetooth
Implied Bluetooth Capabilities
Keyboards and Mice
Do BLE Keyboards Exist?
Targets
HID Encryption
HID Device Lifecycle
Attack Techniques
Sniff Pairing
OS Exploitation
Unpairing
TINYALAMO
Naming Names
Ingredients
HCI and HCI_USER_SOCKET
Scapy
Putting it all together
URL ME BRO
Thank You