Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

SweynTooth - Unleashing Mayhem over Bluetooth Low Energy

USENIX via YouTube

Overview

Explore the vulnerabilities in Bluetooth Low Energy (BLE) protocol implementations through this 25-minute conference talk from USENIX ATC '20. Dive into the SweynTooth framework, a systematic and comprehensive testing approach developed to fuzz BLE protocol implementations effectively. Learn about the state machine model incorporated in the framework, the fuzzing process, and how it exposes anomalies in BLE devices. Discover the impact of this research, which led to the discovery of 11 new vulnerabilities and 13 new CVE IDs across 12 devices from eight vendors and four IoT products. Gain insights into BLE security testing, fuzzing techniques, and the importance of protocol compliance in IoT devices.

Syllabus

Sweyn Tooth: Unleashing Mayhem over Bluetooth Low Energy
Why the Mayhem?
A look into Bluetooth flavours - Past Vulnerabilities
Bluetooth Low Energy Overview Can we test BLE security ourselves with off the shelve hardware?
Testing Security by Fuzzing Is it possible to apply fuzzing to lower-level over the air communication?
Introducing a non-compliant controller implementation! Setup
Fuzzer Arquitecture Overview Peripheral Smart Home
Fuzzing BLE Layers - Fields mutation
Fuzzing BLE Layers - Out of order sequences
Validation Strategy - Exemplified
Optimization
Evaluation - Setup
Evaluation - Comparison
Impact - Non-compliance in the wild!
Conclusion
Thank you Questions?

Taught by

USENIX

Reviews

Start your review of SweynTooth - Unleashing Mayhem over Bluetooth Low Energy

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.