Hack-a-ble: Hacking BLE Smart Devices

Presented at Still Hacking Anyway (SHA2017), Aug. 8, 2017, 12:20 p.m. (60 minutes).

Although IoT is already embedded in our everyday lives, our security and privacy are sometime left behind for comfort and other reasons, despite the serious impact that IoT vulnerabilities may have on our digital and physical security. Bluetooth Low Energy (BLE), also known as Bluetooth Smart is the most popular protocol used for interfacing IoT and smart devices. Broadly used in the healthcare, fitness, security, and home-entertainment industries, nowadays we encounter BLE in almost every aspect of our lives (e.g. in wearables, sensors, medical devices, security products, etc.). In this lecture I will survey key security issues in the BLE protocol, as well as presenting a possible architecture for BLE Man-in-the-Middle (MitM) attack together with the related necessary equipment. In addition, will introduce some of the available tools and how they can be used to perform penetration-testing on BLE applications and will discuss possible mitigations to secure them. #NetworkSecurity #IoT See attached.

Presenters:

  • Tal Melamed
    Tal is an Application Security Expert. As AppSec Labs' Technical Leader, he is leading a variety of security projects for IoT, Mobile, Web, and Client applications. Prior to working at AppSec Labs, Tal has worked at Amdocs, CheckPoint and RSA, having more than a decade of experience in security research and security vulnerability assessment. Tal is a keen speaker; training and lecturing world-wide for secure coding and hacking as well as lecturing in major conferences (OWASP 2016/2107, BsidesTLV 2017, ICIMP 2017, SAFE 2017, COSAC 2017), a neat developer; leading security R&D, including AppUse, iNalyzer and ProKSy, and a security dreamer. Breaking, building & preaching since '99. Follow me @ appsec.it

Links:

Similar Presentations: