Shmoocon 2013: Sniffing Bluetooth low energy

Posted on Thursday, April 11th, 2013 in RF, security, Videos by the machinegeek

In this presentation from the recent Shmoocon 2013 conference in Washington, DC, Mike Ryan from iSec Partners discusses the new generation of wireless hacking tools for intercepting and injecting Bluetooth Low Energy (BTLE) communications. Also marketed as Bluetooth Smart, BTLE was introduced in the Bluetooth 4.0 specification and is appearing in a growing number of sports sensors, medical devices and other low-power accessories.

This talk covers both the Bluetooth LE protocol and the tools and techniques used to study it, as well as live demos of sniffing BTLE using Ubertooth and other hardware.
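As an added worked example (this is not code from the talk or from the Ubertooth project), the Python below shows what a BTLE sniffer has to do once it has demodulated an advertising-channel packet: strip the fixed access address, undo the link-layer whitening for the channel it was listening on, verify the CRC-24, and only then parse the PDU header, advertiser address and AD structures. The access address, whitening LFSR and CRC polynomial/init are the values from the Bluetooth Core Specification (Vol 6, Part B); the sample ADV_IND packet is constructed inside the block, not captured, and the field names are this example's own.

```python
"""Decode a raw BLE advertising-channel packet the way a sniffer must:
strip the access address, undo link-layer whitening, check the CRC-24,
then pull the header, AdvA and AD structures out of the PDU.

Constants are taken from the Bluetooth Core Spec (Vol 6, Part B). The
sample packet at the bottom is constructed here for illustration."""
import struct

ADV_ACCESS_ADDRESS = 0x8E89BED6  # fixed access address on channels 37, 38, 39
ADV_CRC_INIT = 0x555555          # CRC init value for advertising PDUs
_CRC_POLY_REFLECTED = 0xDA6000   # x^24+x^10+x^9+x^6+x^4+x^3+x+1, bit-reflected


def _reflect24(v: int) -> int:
    """Reverse the order of the 24 bits of v."""
    return int(f"{v & 0xFFFFFF:024b}"[::-1], 2)


def whiten(data: bytes, channel: int) -> bytes:
    """Apply BLE link-layer whitening; XOR is its own inverse, so this also de-whitens.

    7-bit LFSR, polynomial x^7 + x^4 + 1, initialised to 1 followed by the
    6-bit channel index. Bits go over the air LSB first, so bit i of each byte
    is the i-th bit the LFSR sees. Whitening covers PDU + CRC, not the access address."""
    lfsr = 0x40 | (channel & 0x3F)
    out = bytearray()
    for byte in data:
        for i in range(8):
            fb = lfsr & 1          # output of register position 6
            lfsr >>= 1
            if fb:
                byte ^= 1 << i
                lfsr |= 0x40       # feedback into position 0 ...
                lfsr ^= 0x04       # ... and XORed into position 4
        out.append(byte)
    return bytes(out)


def crc24(pdu: bytes, init: int = ADV_CRC_INIT) -> bytes:
    """BLE CRC-24 over header + payload, returned as the 3 bytes that follow the PDU on the air."""
    crc = _reflect24(init)         # reflected (LSB-first) implementation
    for byte in pdu:
        for i in range(8):
            fb = (crc ^ (byte >> i)) & 1
            crc >>= 1
            if fb:
                crc ^= _CRC_POLY_REFLECTED
    return crc.to_bytes(3, "little")


def parse_ad_structures(adv_data: bytes) -> list:
    """Split AdvData into (ad_type, payload) pairs; each structure is [len][type][len-1 bytes]."""
    out, i = [], 0
    while i < len(adv_data):
        n = adv_data[i]
        if n == 0:                 # zero length terminates the data early
            break
        if i + 1 + n > len(adv_data):
            raise ValueError("truncated AD structure")   # hostile or damaged packet
        out.append((adv_data[i + 1], bytes(adv_data[i + 2:i + 1 + n])))
        i += 1 + n
    return out


def parse_adv_packet(raw: bytes, channel: int) -> dict:
    """raw = everything after the preamble: access address (4 bytes, LE) + whitened PDU and CRC."""
    (access_address,) = struct.unpack_from("<I", raw, 0)
    if access_address != ADV_ACCESS_ADDRESS:
        raise ValueError(f"not an advertising packet: AA=0x{access_address:08X}")
    plain = whiten(raw[4:], channel)
    header, length = plain[0], plain[1]
    pdu = plain[:2 + length]
    wire_crc = plain[2 + length:5 + length]
    return {
        "pdu_type": header & 0x0F,          # 0 = ADV_IND
        "tx_add": (header >> 6) & 1,        # 1 = random advertiser address
        "length": length,
        "adv_a": ":".join(f"{b:02X}" for b in reversed(pdu[2:8])),  # sent LSB first
        "ad_structures": parse_ad_structures(pdu[8:]),
        "crc_ok": crc24(pdu) == wire_crc,   # trust the fields above only if this holds
    }


def build_adv_ind(adv_a: str, adv_data: bytes, channel: int, random_addr: bool = True) -> bytes:
    """Construct an ADV_IND frame (after the preamble) so the parser can be exercised offline."""
    addr_bytes = bytes.fromhex(adv_a.replace(":", ""))[::-1]   # LSB first on the air
    header = 0x00 | (0x40 if random_addr else 0x00)            # PDU type 0, TxAdd bit
    pdu = bytes([header, len(addr_bytes) + len(adv_data)]) + addr_bytes + adv_data
    return struct.pack("<I", ADV_ACCESS_ADDRESS) + whiten(pdu + crc24(pdu), channel)


# Constructed sample: random address, Flags (0x01) = 0x06, Complete Local Name (0x09) = "BTLE".
SAMPLE_ADV_DATA = bytes([0x02, 0x01, 0x06, 0x05, 0x09]) + b"BTLE"
SAMPLE_PACKET = build_adv_ind("C0:05:04:03:02:01", SAMPLE_ADV_DATA, channel=37)

if __name__ == "__main__":
    print(parse_adv_packet(SAMPLE_PACKET, 37))
```

The order matters: a sniffer that parses the header before de-whitening, or that trusts the length byte before the CRC has been checked, will be fed garbage on any channel it guessed wrong, which is exactly where tools such as Ubertooth have to be careful.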

For links to slides of this and other Bluetooth related presentations visit Mike Ryan’s webpage.

This entry was posted on Thursday, April 11th, 2013 at 2:00 pm and is filed under RF, security, Videos.

5 Responses to “Shmoocon 2013: Sniffing Bluetooth low energy”

  1. wam says:

    PCs suck at RF?

    Uh… whoa. Apples to oranges. PCs and Macs suck anyway.

    For most applications (usually about as complicated as a coin acceptor on a soda machine) using a PC is like having me and a bunch of my old fart friends do porn. Just imagine the overhead in Viagra, EMTs, defibrillators (maybe even defibrillator toasters – Google it), scene retakes, etc… instead of just getting some young, dumb, full of… 20-year-olds.

    Having to load a crapload of OS and kernel drivers is just silly.

  2. “sniffing BTLE is hard”? Um… TI gives out CC2540-based USB dongles, and their site gives out firmware for them to sniff BTLE easily. If this is “hard”, I am afraid to ask what easy is…
