Bluetooth Smart Security


I research Bluetooth Smart security. I've given talks about it at DEFCON, Hack in the Box Malaysia, Breakpoint, CanSecWest, USENIX, Black Hat, ToorCon, and ShmooCon.

My recent research is on active attacks: building new tools and discovering new techniques for understanding and attacking devices. Along with Richo Healey" I demonstrated an attack against a Boosted electric skateboard. I have also demonstrated remote attacks against Bluetooth stacks, including Bluedroid on Android 4.3.

In earlier work I demonstrated weaknesses in the pairing protocol that render the encryption near useless. I released a tool that can crack the Bluetooth Smart PIN and decrypt encrypted conversations. I proposed a fix using ECDH and provide an 8-bit ECC implementation.

Bluetooth Smart, a.k.a. Bluetooth Low Energy / BTLE / BLE, is a new modulation mode and link layer packet format for low-energy Bluetooth applications. It's defined in the Bluetooth Core Spec 4.0 (warning: big zip) and has been around since 2010.