
BLE fun with Ubertooth: sniffing Bluetooth Smart and cracking its crypto

Posted on Wednesday, January 29th, 2014 in code, encryption, hacks, RF, wireless by the machinegeek

Mike Ryan writes about his latest efforts in BLE hacking.

Hot on the heels of Omri Iluz’s BLE-sniffer-on-the-cheap, I decided to write up the BLE sniffer I built on Ubertooth. My sniffer is highly robust, can capture data from connections, and is 100% open source. I also discovered a vulnerability in BLE’s crypto that allows me to crack its encryption key and decrypt traffic — 100% passively.

Here’s a link to the blog post.

Via the contact form.

This entry was posted on Wednesday, January 29th, 2014 at 12:59 am and is filed under code, encryption, hacks, RF, wireless.

One Response to “BLE fun with Ubertooth: sniffing Bluetooth Smart and cracking its crypto”

  1. Randell David says:

    Very interesting project.
