Snoop on to them, as they snoop on to us

Presented at DEF CON 31 (2023), Aug. 10, 2023, 5 p.m. (20 minutes)

BLE devices are now all the rage. What makes a purpose built tracking device like the AirTag all that different from the majority of BLE devices that have a fixed address? With the rise of IoT we're also seeing a rise in government and corporate BLE surveillance systems. We'll look at tools that normal people can use to find out if their favorite IoT gear is easily trackable. If headphones and GoPro's use fixed addresses, what about stun guns and bodycams? We'll take a look at IoT gear used by authorities and how it may be detectedable over long durations, just like an AirTag. REFERENCES: Handoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol Freqy DEFCON 29 RF Village - "Basics of Breaking BLE" Handoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol DEF CON 26 - Damien virtualabs Cauquil - You had better secure your BLE devices Mike Spicer - I Know What U Did Last Summer 3 Yrs Wireless Monitoring DEFCON - DEF CON 27 Conference

Presenters:

• Rekcahdam - Hacker
• nullagent - Member at Dataparty
  Nullagent is a robotics hacker. He built his first internet connected robot in 2004 and since then he's been hooked on embedded hacking. He's building a hacker collective that fuses artistic expression to bring cyber security tools to a broader audience.

Links:

• https://forum.defcon.org/node/245770

Similar Presentations:

• AppSec USA 2016 / When encryption is not enough: Attacking Wearable - Mobile Application communication over BLE
• Still Hacking Anyway (SHA2017) / Hack-a-ble: Hacking BLE Smart Devices
• DEF CON 24 (2016) / Picking Bluetooth Low Energy Locks from a Quarter Mile Away