Anthony Ros & Ben Ramsey - Picking Bluetooth Low Energy Locks from a Quarter Mile Away


Manage episode 215601413 series 2427673
By DEF CON. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Materials: CON 24/DEF CON 24 presentations/DEFCON-24-Rose-Ramsey-Picking-Bluetooth-Low-Energy-Locks-UPDATED.pdf

Picking Bluetooth Low Energy Locks from a Quarter Mile Away
Anthony Rose Hacker?
Ben Ramsey, Hacker

Many Bluetooth Low Energy (BLE) enabled deadbolts and padlocks have hit the market recently. These devices promise convenience and security through smartphone control. We investigated sixteen of these products from multiple vendors and discovered wireless vulnerabilities in most of them. Using a $50 antenna, we successfully picked vulnerable locks from over 400 meters away. In this presentation we introduce open source tools to crack each of the vulnerable BLE locks. Furthermore, after surveying the open source Bluetooth hacking tools currently available, we find very little support for BLE. So, to make discovering and range finding to BLE devices easier, we introduce a new open source war-walking tool compatible with both Bluetooth Classic and BLE.
Anthony Rose is an electrical engineer with five years of network security experience. His prior work includes traffic and quality optimization for wireless Audio protocols. Currently he focuses on Bluetooth security and wireless penetration testing.


Ben Ramsey, PhD, CISSP, has over a decade of experience in network security research. His work focuses on critical infrastructure protection and low power wireless protocols, such as ZigBee, Z-Wave, and Bluetooth Low Energy. He has published in several academic journals and has presented research at multiple conferences, including GLOBECOM, MILCOM, SenseApp, and ShmooCon.

104 episodes