Overview
Explore the intricacies of Android Bluetooth security vulnerabilities in this 35-minute Black Hat conference talk. Delve into the AOSP Bluetooth module's history of security flaws, including Blueborne and BlueFrag, and understand how these vulnerabilities often stem from improper validation of remote user-supplied data during Bluetooth request packet parsing. Learn about Google's hardening methods to improve Bluetooth security, such as packet length validation, implementation of a more secure AVRCP profile, and the Gabeldorsche project rewriting the Bluetooth stack in Rust. Discover new approaches focusing on the lifecycle of Bluetooth packet data and weak architectural logic that have uncovered additional hidden vulnerabilities. Gain insights into the Bluetooth protocol architecture in AOSP, existing research results, and known attack surfaces to enhance your understanding of Android Bluetooth bug hunting techniques.
Syllabus
Deep into Android Bluetooth Bug Hunting: New Attack Surfaces and Weak Code Patterns
Taught by
Black Hat