Bluetooth Smart Security
I research Bluetooth Smart security. I've given talks about it at CanSecWest, USENIX, Black Hat, ToorCon, and ShmooCon.

My recent research is on active attacks: probing and understanding devices and fuzzing Bluetooth stacks. I have demonstrated remote attacks against Bluetooth stacks, including Bluedroid on Android 4.3.

In earlier work I demonstrated weaknesses in the pairing protocol that render the encryption near useless. I released a tool that can crack the Bluetooth Smart PIN and decrypt encrypted conversations. I proposed a fix using ECDH and provided an 8-bit ECC implementation.

Bluetooth Smart, a.k.a. Bluetooth Low Energy / BTLE / BLE, is a new modulation mode and link layer packet format for low-energy Bluetooth applications. It's defined in the Bluetooth Core Spec 4.0 (warning: big zip) and has been around since 2010.