Enviar búsqueda
Cargar
Defcon 18-dunning-breaking-bluetooth
•
0 recomendaciones
•
432 vistas
Vengadanathan Srinivasan
Seguir
Blue tooth hacking .
Leer menos
Leer más
Denunciar
Compartir
Denunciar
Compartir
1 de 30
Descargar ahora
Descargar para leer sin conexión
Recomendados
2018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.2
Len Noe
অত্যাধুনিক কম্পিউটারের দ্রুত অগ্রগতির মূলে রয়েছে
অত্যাধুনিক কম্পিউটারের দ্রুত অগ্রগতির মূলে রয়েছে
Khaled Raihan
BLE SMART-LOCATIONS by sodexo
BLE SMART-LOCATIONS by sodexo
Gustavo RUEDA LÓPEZ
CSI - Poor Mans Guide To Espionage Gear
CSI - Poor Mans Guide To Espionage Gear
shawn_merdinger
BSNL hacks
BSNL hacks
Vengadanathan Srinivasan
Pwning bsnl
Pwning bsnl
Vengadanathan Srinivasan
Observatorio de Turismo en el Quindío No. 35 | Semana Santa 2016
Observatorio de Turismo en el Quindío No. 35 | Semana Santa 2016
Cámara de Comercio de Armenia y del Quindío
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
Recomendados
2018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.2
Len Noe
অত্যাধুনিক কম্পিউটারের দ্রুত অগ্রগতির মূলে রয়েছে
অত্যাধুনিক কম্পিউটারের দ্রুত অগ্রগতির মূলে রয়েছে
Khaled Raihan
BLE SMART-LOCATIONS by sodexo
BLE SMART-LOCATIONS by sodexo
Gustavo RUEDA LÓPEZ
CSI - Poor Mans Guide To Espionage Gear
CSI - Poor Mans Guide To Espionage Gear
shawn_merdinger
BSNL hacks
BSNL hacks
Vengadanathan Srinivasan
Pwning bsnl
Pwning bsnl
Vengadanathan Srinivasan
Observatorio de Turismo en el Quindío No. 35 | Semana Santa 2016
Observatorio de Turismo en el Quindío No. 35 | Semana Santa 2016
Cámara de Comercio de Armenia y del Quindío
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
Android Bluetooth Introduction
Android Bluetooth Introduction
Erin Yueh
IoT setup and pairing
IoT setup and pairing
Guy Vinograd ☁
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
Securely Deploying Android Device - ISSA (Ireland)
Securely Deploying Android Device - ISSA (Ireland)
Angelill0
THAT_2023_BLE.pdf
THAT_2023_BLE.pdf
Robin Schroeder
Defcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddos
Priyanka Aash
Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_video
robbuddingh
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdinger
shawn_merdinger
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor
Bluetooth technology
Bluetooth technology
Deevena Dayaal
Connect your Android to the real world with Bluetooth Low Energy
Connect your Android to the real world with Bluetooth Low Energy
Gabor Paller
Defending Your Network
Defending Your Network
Adam Getchell
IoThings you don't even need to hack
IoThings you don't even need to hack
Slawomir Jasek
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
Vi Tính Hoàng Nam
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
Wireless personal area networks(PAN)
Wireless personal area networks(PAN)
punjab engineering college, chandigarh
Iot vupico-damien-contreras-2018-05-17-light-v3
Iot vupico-damien-contreras-2018-05-17-light-v3
Damien Contreras
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
Bluetooth
Bluetooth
Fahim Faysal
Más contenido relacionado
Similar a Defcon 18-dunning-breaking-bluetooth
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
Android Bluetooth Introduction
Android Bluetooth Introduction
Erin Yueh
IoT setup and pairing
IoT setup and pairing
Guy Vinograd ☁
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
Securely Deploying Android Device - ISSA (Ireland)
Securely Deploying Android Device - ISSA (Ireland)
Angelill0
THAT_2023_BLE.pdf
THAT_2023_BLE.pdf
Robin Schroeder
Defcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddos
Priyanka Aash
Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_video
robbuddingh
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdinger
shawn_merdinger
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor
Bluetooth technology
Bluetooth technology
Deevena Dayaal
Connect your Android to the real world with Bluetooth Low Energy
Connect your Android to the real world with Bluetooth Low Energy
Gabor Paller
Defending Your Network
Defending Your Network
Adam Getchell
IoThings you don't even need to hack
IoThings you don't even need to hack
Slawomir Jasek
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
Vi Tính Hoàng Nam
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
Wireless personal area networks(PAN)
Wireless personal area networks(PAN)
punjab engineering college, chandigarh
Iot vupico-damien-contreras-2018-05-17-light-v3
Iot vupico-damien-contreras-2018-05-17-light-v3
Damien Contreras
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
Bluetooth
Bluetooth
Fahim Faysal
Similar a Defcon 18-dunning-breaking-bluetooth
(20)
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Android Bluetooth Introduction
Android Bluetooth Introduction
IoT setup and pairing
IoT setup and pairing
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
Securely Deploying Android Device - ISSA (Ireland)
Securely Deploying Android Device - ISSA (Ireland)
THAT_2023_BLE.pdf
THAT_2023_BLE.pdf
Defcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddos
Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_video
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdinger
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epo
Bluetooth technology
Bluetooth technology
Connect your Android to the real world with Bluetooth Low Energy
Connect your Android to the real world with Bluetooth Low Energy
Defending Your Network
Defending Your Network
IoThings you don't even need to hack
IoThings you don't even need to hack
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
Wireless personal area networks(PAN)
Wireless personal area networks(PAN)
Iot vupico-damien-contreras-2018-05-17-light-v3
Iot vupico-damien-contreras-2018-05-17-light-v3
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
Bluetooth
Bluetooth
Defcon 18-dunning-breaking-bluetooth
1.
Breaking Bluetooth By Being
Bored JP Dunning DefCon 2010 © Shadow Cave LLC
2.
JP Dunning Graduate Student: Computer
Science, Virginia Tech Research Focus: Wireless and Portable Security Website: www.hackfromacave.com © Shadow Cave LLC© Shadow Cave LLC
3.
Bluetooth ● IEEE 802.15.1 ●
Low Power / Short Range ● Ad-Hoc (Piconet) ● Deployed on over 1 billions devices worldwide © Shadow Cave LLC
4.
Obfuscation and Reconnaissance ©
Shadow Cave LLC
5.
Cloning/Spoofing Profile ● Bluetooth
Profile: – Device Address, Device Class, Device Name ● Bluetooth Profile Cloning: – Modify host Bluetooth Adapter profile to match the profile of another device – Done manually using hciconfig and bdaddr ● Bluetooth Profile Spoofing: – Creating a misleading profile of host Bluetooth Adapter © Shadow Cave LLC
6.
SpoofTooph ● Automate /
simplify Bluetooth profile modification process ● Useful for – Obfuscation – Impersonations – Observation ● 5 different modes © Shadow Cave LLC
7.
SpoofTooph ● Mode 1:
> spooftooph -i hci0 -s -d scan.log – Scan local area for devices – Save list of devices found – Select a device from the list to clone ● Mode 2: > spooftooph -i hci0 -r – Randomly generate Bluetooth profile ● Device Class – Random Valid Class ● Device Name - 100 most popular Ameraican names + device type ● Device Addr – Random MAC © Shadow Cave LLC
8.
SpoofTooph ● Mode 3:
> spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x4a010c – Specify Name, Class, and Address ● Mode 4: > spooftooph -i hci0 -l scan.log – Read in previously logged scan – Select a device from the list to clone ● Mode 5: > spooftooph -i hci0 -t 10 – Incognito: Scan for devices every X seconds and clone the first profile on the list © Shadow Cave LLC
9.
SpoofTooph © Shadow Cave
LLC
10.
Bluetooth Profiling Project ●
Collect Device Name, Device Address and Device Class on as many devices as possible ● Same idea as Josh Wright's Bnap,Bnap, but collecting device profiles from others devices instead ● Collected over 1,500 device profiles so far © Shadow Cave LLC
11.
Bluetooth Profiling Project ●
Use for this data: – Mapping the address range of Bluetooth ● Improve Redfang discovery scans ● Matching address range with device model – Research – Discovering information disclosure © Shadow Cave LLC
12.
Bluetooth Profiling Project ●
Disclosure of sensitive information ● What information can be gathered from the device profile? – Can the Device Address be used to identify the device modes? – What can be extracted from the device name? © Shadow Cave LLC
13.
Bluetooth Profiling Project ●
Can the Device Address be used to identify the device modes? – Yes, the addresses used for Device Address (MAC) are the same as those used by Ethernet or ZigBee – The first 24-bits are Organizationally Unique Identifiers (OUI), registered to specific entities, often often use a subset of those address ranges for a specific model of device – The reverse can be done to attempt to guess the address based on the device model © Shadow Cave LLC
14.
Bluetooth Profiling Project ●
What can be extracted from the device name? – First Name – A first name, presumably the first name of the device owner. – Last Name – A last name, presumably the last name of the device owner. – Nickname – What appears to be a user name or 'handle'. – Location – Information that can be used to determine the location of the device. – Device Model – Identifying information that could lead to profiling the device as a specific model. © Shadow Cave LLC
15.
Bluetooth Profiling Project ●
Percentage of devices names which disclosed sensitive information (out of the 1,500 profiles collected) First Name Last Name Location Device Model Nickname / Handle 28.17% 18.76% 1.30% 70.54% 1.51% © Shadow Cave LLC
16.
Mall Nibbling Dropping by
your local mall to collect information on the cornucopia of Bluetooth devices. © Shadow Cave LLC
17.
Mall Nibbling ● Performing
Mall Nibbling: Things to Know – Come equipped with a Class 1 bluetooth dongle (cantenna attachment optional, but recommended :) ) – Obfuscate your Bluetooth interface – While device discovery takes less then 2 seconds, getting the name of the device requires a follow up request. Plan on spending at least 1 minute per location for each scan. © Shadow Cave LLC
18.
Offensive © Shadow Cave
LLC
19.
vCardBlaster ● vCard -
“Virtual Business Card” – Used to exchange personal information ● Many Bluetooth devices allow exchange of vCards – Phones, PDAs, PCs, etc © Shadow Cave LLC
20.
vCardBlaster ● vCardBlaster is
capable of sending a constant stream of vCards over Bluetooth – Users can select a single target or attack all devices in range – vCards can be specified or generated by vCardBlaster © Shadow Cave LLC
21.
Bluetooth vCard Contact
List DoS ● vCardBlaster can be used to preform a DoS on a Contact List ● Vuln: – Some devices, upon receiving a vCard, will automatically add the information to the local Contact List. – Each name provided in the vCard must be unique. – Sending a flood of vCards fills up the contact list with new false contacts © Shadow Cave LLC
22.
vCardBlaster © Shadow Cave
LLC
23.
Blueper ● Blueper is
capable of sending a constant stream of files over Bluetooth – Users can select a single target or attack all devices in range – Files can be specified or generated – User can specify file size © Shadow Cave LLC
24.
Bluetooth OBEX Disk
Cache DoS ● Blueper can be used to preform a DoS using the systems caching of file data ● Vuln: – Some devices cache files sent over Bluetooth OBEX before prompting user to accept or reject the file transfer. – Sending files over extended periods of time can fill up disk. – It can cause system crash. © Shadow Cave LLC
25.
Blueper © Shadow Cave
LLC
26.
Pwntooth ● Suite of
Bluetooth attack tools ● Designed to automate multiple attacks against multiple targets. ● Comes bundled with tools like: – Bluetooth Stack Smasher – BT_AUDIT – Bluesnrf – Blueper / vCardBlaster © Shadow Cave LLC
27.
Pwntooth ● Pwntooth uses
a user defined config file as an attack script ● This config file uses * as a wild card character for device address © Shadow Cave LLC
28.
pwntooth.conf © Shadow Cave
LLC
29.
Pwntooth ● Default config
/etc/bluetooth/pwntooth.conf ● If a address device is detected in multiple iterations of scans, the attacks listed in the config file are only run the first time ● Example: Scan area 10 times and save output to logfile.txt using default config. > pwntooth -l logfile.txt -s 10 © Shadow Cave LLC
30.
Project Pages www.hackfromacave.com ● SpoofTooph: http://www.hackfromacave.com/projects/spooftooph.html ●
Bluetooth Profiling Project: http://www.hackfromacave.com/projects/bpp.html ● vCardBlaster: www.hackfromacave.com/vcardblaster.html ● Blueper: www.hackfromacave.com/blueper.html ● Pwntooth: www.hackfromacave.com/pwntooth.html © Shadow Cave LLC
Descargar ahora