Explore the intricacies of Android Bluetooth security vulnerabilities in this 35-minute Black Hat conference talk. Delve into the AOSP Bluetooth module's history of security flaws, including Blueborne and BlueFrag, and understand how these vulnerabilities often stem from improper validation of remote user-supplied data during Bluetooth request packet parsing. Learn about Google's hardening methods to improve Bluetooth security, such as packet length validation, implementation of a more secure AVRCP profile, and the Gabeldorsche project rewriting the Bluetooth stack in Rust. Discover new approaches focusing on the lifecycle of Bluetooth packet data and weak architectural logic that have uncovered additional hidden vulnerabilities. Gain insights into the Bluetooth protocol architecture in AOSP, existing research results, and known attack surfaces to enhance your understanding of Android Bluetooth bug hunting techniques.
Deep into Android Bluetooth Bug Hunting - New Attack Surfaces and Weak Code Patterns
Overview
Syllabus
Deep into Android Bluetooth Bug Hunting: New Attack Surfaces and Weak Code Patterns
Taught by
Black Hat
Related Courses
-
BrokenMesh - New Attack Surfaces of Bluetooth Mesh
-
Stealthily Access Your Android Phones - Bypass the Bluetooth Authentication
-
Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool
-
Honey, I Shrunk the Attack Surface - Adventures in Android Security Hardening
-
Stagefright - Scary Code in the Heart of Android
-
Put in One Bug and Pop Out More - An Effective Way of Bug Hunting in Chrome
