{"id":16562833,"url":"https://github.com/charmve/ble-security-attack-defence","last_synced_at":"2025-04-07T10:27:30.643Z","repository":{"id":45572532,"uuid":"299600237","full_name":"Charmve/BLE-Security-Attack-Defence","owner":"Charmve","description":"✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.","archived":false,"fork":false,"pushed_at":"2024-03-06T15:55:10.000Z","size":40499,"stargazers_count":265,"open_issues_count":2,"forks_count":38,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-04-15T09:05:25.703Z","etag":null,"topics":["ble","ble-security","bluefuzz","bluetooth-fuzz","bluetooth-le","bluetooth-low-energy","bluetooth-stack","bluetoothle","fuzzing","hacking","reverse","reverse-proxy","stack","vulnerability","wireless"],"latest_commit_sha":null,"homepage":"https://github.com/Charmve","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Charmve.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"Code-of-Conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"Security Vulnerabilities in Bluetooth Technology as Used in 
IoT.pdf","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null},"funding":{"github":null,"patreon":"Charmve","open_collective":"Charmve","ko_fi":"Charmve","tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://github.com/Charmve/PaperWeeklyAI/blob/master/MaiweiAI-com.png?raw=true"]}},"created_at":"2020-09-29T11:47:34.000Z","updated_at":"2024-04-17T17:58:35.124Z","dependencies_parsed_at":"2023-02-01T18:46:50.512Z","dependency_job_id":"acdb5e2e-b5ac-4670-9773-0a84d1171a25","html_url":"https://github.com/Charmve/BLE-Security-Attack-Defence","commit_stats":{"total_commits":177,"total_committers":2,"mean_commits":88.5,"dds":0.005649717514124242,"last_synced_commit":"bc5a53824a11550feb9532489eca142c7a11a008"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Charmve%2FBLE-Security-Attack-Defence","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Charmve%2FBLE-Security-Attack-Defence/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Charmve%2FBLE-Security-Attack-Defence/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Charmve%2FBLE-Security-Attack-Defence/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Charmve","download_url":"https://codeload.github.com/Charmve/BLE-Security-Attack-Defence/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247634606,"owners_count":20970566,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposit
ory_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ble","ble-security","bluefuzz","bluetooth-fuzz","bluetooth-le","bluetooth-low-energy","bluetooth-stack","bluetoothle","fuzzing","hacking","reverse","reverse-proxy","stack","vulnerability","wireless"],"created_at":"2024-10-11T20:37:21.511Z","updated_at":"2025-04-07T10:27:30.612Z","avatar_url":"https://github.com/Charmve.png","language":"Python","funding_links":["https://patreon.com/Charmve","https://opencollective.com/Charmve","https://ko-fi.com/Charmve","https://github.com/Charmve/PaperWeeklyAI/blob/master/MaiweiAI-com.png?raw=true"],"categories":[],"sub_categories":[],"readme":"\u003c!-- \u003cimg border=0 src=\"https://github.com/Charmve/BLE-Security-Attack-Defence/assets/29084184/3162b7a9-78a8-4d11-8611-f49c6b6ee787\" width=\"100%\"\u003e --\u003e\n\n\u003cdiv align=\"center\"\u003e\n\t\u003cbr\u003e\n\t\u003cimg border=0 src=\"logo.jpg\" width=\"360\"\u003e\n\u003c/div\u003e\n\u003ch3 align=\"center\"\u003eBluetooth-LE Security: Method, Tools and Stack\u003c/h3\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/Charmve/BLE-Security-Attack-Defence\"\u003e\u003cimg src=\"https://img.shields.io/badge/👓-B1ueB0y-blue\" alt=\"B1ueB0y\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/Charmve\"\u003e\u003cimg src=\"https://img.shields.io/badge/Github-Charmve-lightblue\" alt=\"github\"\u003e\u003c/a\u003e\n  \u003ca href=\"./Code-of-Conduct.md\"\u003e\u003cimg src=\"https://img.shields.io/badge/Licence-BSD2-green\" alt=\"Code-of-Conduct\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cbr\u003e\n\n## ✨ News! 
✨\n\n- \u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e\u0026nbsp;\u0026nbsp;\u003cfont size=\"4\"\u003e\u003cb\u003e2020.10.13:\u003c/b\u003e A heap-based type confusion affecting Linux kernel 4.8 and higher was discovered in ``net/bluetooth/l2cap_core.c.`` by \u003ca href=\"https://github.com/google/security-research\" target=\"_blank\"\u003eGoogle Security Research\u003c/a\u003e !\u003cbr\u003e\n- \u003cimg width=\"30\" height=\"30\" src=\"https://static.leiphone.com/uploads/new/images/20200326/5e7c5dc11daa1.png?imageView2/2/w/740\"\u003e\u0026nbsp;\u0026nbsp;\u003cfont size=\"4\"\u003e\u003cb\u003e2020.03.26:\u003c/b\u003e A memory corruption issue was addressed with improved input validation by \u003ca href=\"https://www.leiphone.com/news/202003/gENc7OITqoxKchYo.html\" target=\"_blank\"\u003eQihoo 360 Alpha Lab\u003c/a\u003e !\n\n\u003cbr\u003e\n\t\n\u003ctable class=\"table table-striped table-bordered table-vcenter\"\u003e\n    \u003ctbody class=ai-notebooks-table-content\u003e\n    \u003ctr\u003e\n        \u003ctd colspan=\"1\" rowspan=\"10\" class=\"ai-notebooks-table-points ai-orange-link\"\u003e\n\t\t\t\u003cbr\u003e\n\t\t\t\u003cdiv align=\"center\"\u003e\n\t\t\t\t\u003cimg class=\"ai-header-badge-img\" src=\"https://github.com/Charmve/BLE-Security-Attack-Defence/assets/29084184/dca27e6b-4625-4efd-9c24-eaaaff157318\"\u003e\n\t\t\t\t\u003c/a\u003e\u0026nbsp;\n\t\t\t\t\u003cp\u003eFigure 1: BLE messages exchange diagram\u003cbr\u003e 🔥Among the \u003ca href=\"https://github.com/topics/deep-learning\" target=\"_blank\"\u003etop 10\u003c/a\u003e BLE repos on GitHub\u003c/p\u003e\n\t\t\t\u003c/div\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cb\u003eFuzzing\u003c/b\u003e\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003ca href=\"https://www.usenix.org/system/files/sec20-ruge.pdf\"\u003eFrankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation 
Targets\u003c/a\u003e\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003ca href=\"https://git.ist.tugraz.at/apferscher/ble-fuzzing\"\u003eStateful Black-Box Fuzzing of BLE Devices Using Automata Learning\u003c/a\u003e\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003ca href=\"https://asset-group.github.io/papers/BrakTooth.pdf\"\u003eBRAKTOOTH: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing\u003c/a\u003e\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003ca href=\"https://arxiv.org/pdf/2208.00110.pdf\"\u003eL2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing\u003c/a\u003e\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003ca href=\"https://asset-group.github.io/papers/AutoFuzz4G5G.pdf\"\u003eTowards Automated Fuzzing of 4G/5G Protocol Implementations Over the Air.\u003c/a\u003e\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003emore ...\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003c/tbody\u003e\n\u003c/table\u003e\n\t\n## BLE Vulnerability TOP5\n- \u003ca href=\"./01_BlueBorne\" target=\"_blank\"\u003eBlueBorne\u003c/a\u003e\n- \u003ca href=\"./02_BLEEDINGBIT\" target=\"_blank\"\u003eBleedingBit\u003c/a\u003e\n- \u003ca href=\"./03_SweynTooth\" target=\"_blank\"\u003eSweynTooth\u003c/a\u003e\n- \u003ca href=\"./04_BtleJuice\" target=\"_blank\"\u003eBtleJuice\u003c/a\u003e\n- \u003ca href=\"./05_BLE-CTF\" target=\"_blank\"\u003eBLE-CTF\u003c/a\u003e\n\n\u003cbr\u003e\n\u003cp align=\"center\"\u003e\u003cimg border=0 src=\"profile.jpg\"\u003e\u003cbr\u003e\u003c/p\u003e\n\u003cbr\u003e\n\n## Table of Content\n```\n📂 BLE-Security-Attack\u0026Defence\n |-- 📂 BLE Vulnerability TOP5\n |  |-- 📂 BlueBorne\n |  |-- 📂 BleedingBit\n |  |-- 📂 SweynTooth\n |  |-- 📂 BtleJuice\n |  |-- 📂 BLE-CTF\n |-- 📂 ble-stack\n |  |-- 📂 Mynewt-Nimble\n |  |-- 📂 nRF5_SDK_15.0.0_a53641a\n |  |-- 📂 PyBluez\n |  |-- 📂 LightBlue\n |-- 📂 
cap - capture package\n |  |-- 📂 CrackLE\n |  |-- 📂 TI-BLTE2Pcap\n |  |-- 📂 blefuzz_V21\n |  |-- 📂 Fuzzing Bluetooth\n |-- 📂 image\n |-- 📂 tools - hardware\u0026sofrware\n |  |-- 📂 Ubertooth\n |  |-- 📂 GATTacker\n |  |-- 📂 BladeRF\n |  |-- 📂 HackRF\n |  |-- 📂 Adafruit-BluefruitLE\n ...\n```\n\u003cbr\u003e\n\n\n## Bluetooth LE Vulnerabilities\n\n\u003ctable\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e1.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/watch?v=WWQTlogqF1I\" target=\"_blank\"\u003e\u003cimg src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601457791/video_to_markdown/images/youtube--WWQTlogqF1I-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"BlueBorne: A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device\" height=\"280\" width=\"6000\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eBlueBorne\u003c/b\u003e: A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device\n\t\t\t\u003cbr\u003e\n\t\t\t\u003cb\u003eBen Seri\u003c/b\u003e \u0026 \u003cb\u003eGregory Vishnepolsky \u003c/b\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"left\"\u003e\u003cfont size =2\u003eIn this talk we will present the ramifications of airborne attacks, which bypass all current security measures and provide hackers with a contagious attack, capable of jumping over \"air-gapped\" networks...\u003c/font\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e Black Hat 2017\n\t\t\t\u003cbr\u003e\n\t\t\t[\u003cb\u003e\u003ca href=\"https://www.armis.com/blueborne/\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://github.com/Charmve/BLE-Security-Attack-Defence/tree/master/01_BlueBorne\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e | 
 \u003ca href=\"https://www.youtube.com/watch?v=WWQTlogqF1I\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e  |  \u003ca href=\"https://github.com/marsyy/littl_tools/tree/master/bluetooth\" target=\"_blank\"\u003e\u003cb\u003ePoC\u003c/b\u003e\u003c/a\u003e]\n\t\t\t\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e2.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003ccenter\u003e\n\t\t\t\t\u003ca href=\"https://www.youtube.com/watch?v=G08fh5Sa7TU\" target=\"_blank\"\u003e\n\t\t\t\t\t\u003cimg src=\"https://img-blog.csdnimg.cn/img_convert/127a037eb210b12e714618610e1b9697.png\" alt=\"BtleJuice: the Bluetooth Smart Man In The Middle Framework by Damien Cauquil\" height=\"280\" width=\"6000\" /\u003e\n\t\t\t\t\u003c/a\u003e\n\t\t\t\u003c/center\u003e\n\t\t\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\n\t\t\t\t\u003cb\u003eBtleJuice\u003c/b\u003e: the Bluetooth Smart Man In The Middle Framework \n\t\t\t\t\u003cbr\u003e\u003cb\u003eDamien Cauquil\u003c/b\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"left\"\u003e\n\t\t\t\t\u003cfont size =2\u003eA lot of Bluetooth Low Energy capable devices are spread since the last few years, offering a brand new way to compromise many “smart” objects: fitness wristbands, smart locks and padlocks and even healthcare devices. 
But this protocol poses some new challenges...\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\n\t\t\t\t\u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e \u003ci\u003eDefConference 2016\u003c/i\u003e (\u003cb\u003eDEFCON\u003c/b\u003e) \n\t\t\t  \u003cbr\u003e[\u003ca href=\"https://www.youtube.com/watch?v=G08fh5Sa7TU\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://speakerdeck.com/virtualabs/btlejuice-the-bluetooth-smart-mitm-framework?slide=40\" target=\"_blank\"\u003e\u003cb\u003ePDF\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://github.com/Charmve/BLE-Security-Attack-Defence/tree/master/04_BtleJuice\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e]\n\t\t  \u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e3.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/watch?v=VHJfd9h6G2s\" target=\"_blank\"\u003e\u003cimg src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601457995/video_to_markdown/images/youtube--VHJfd9h6G2s-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"Damien virtualabs Cauquil - You had better secure your BLE devices\" height=\"280\" width=\"6000\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\n\t\t\t\tYou had better secure your BLE devices \n\t\t\t\t\u003cbr\u003e\u003cb\u003eDamien Cauquil\u003c/b\u003e \n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"left\"\u003e\n\t\t\t\t\u003cfont size =2\u003eSniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, ... 
\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\n\t\t\t\t\u003ci\u003e\u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e DefConference 2018 (\u003cb\u003eDEFCON26\u003c/b\u003e) \u003c/i\u003e\n\t\t\t\t\u003cbr\u003e[\u003cb\u003e\u003ca href=\"https://github.com/Charmve/BLE-Security-Attack-Defence/tree/master/04_BtleJuice\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://github.com/Charmve/BLE-Security-Attack-Defence/tree/master/04_BtleJuice\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://www.youtube.com/watch?v=VHJfd9h6G2s\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e]\n\t\t\t\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e4.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/embed/D5FIIqLWtYw?list=PLKV_4pHyTj0GUtdyOZotJJFwsjHbBT83l\" target=\"_blank\"\u003e\u003cimg src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601458076/video_to_markdown/images/youtube--D5FIIqLWtYw-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"BLEEDINGBIT - Takeover of Aruba Access Point Access Point 325\" height=\"280\" width=\"6000\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eBLEEDINGBIT \u003c/b\u003e- Takeover of Aruba Access Point Access Point 325 \n\t\t\t\u003cbr\u003e\n\t\t\t\u003cb\u003eArmis\u003c/b\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\u003cfont size =2\u003eIn this demo, Armis will demonstrate the takeover of an Aruba Access Point Access Point 325 using a TI cc2540 BLE chip. 
For more information, please visit https://armis.com/bleedingbit.\u003c/font\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003ci\u003e\u003cimg width=\"30\" height=\"30\" src=\"image/armis.jpg\"\u003e BLEEDINGBIT RCE vulnerability (CVE-2018-16986) \u003c/i\u003e\n\t\t\t\u003cbr\u003e\n\t\t\t[\u003cb\u003e\u003ca href=\"https://www.armis.com/bleedingbit/\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://github.com/Charmve/BLE-Security-Attack-Defence/tree/master/02_BLEEDINGBIT\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://www.youtube.com/watch?v=D5FIIqLWtYw\u0026list=PLKV_4pHyTj0GUtdyOZotJJFwsjHbBT83l\u0026index=2\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e]\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e5.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/embed/oty1yTdsEXs\" target=\"_blank\"\u003e\u003cimg src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601458144/video_to_markdown/images/youtube--oty1yTdsEXs-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"SweynTooth: Unleashing Mayhem over Bluetooth Low Energy\" height=\"280\" width=\"6000\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eSweynTooth\u003c/b\u003e: Unleashing Mayhem over Bluetooth Low Energy \n\t\t\t\u003cbr\u003e\n\t\t\t\u003cb\u003eMatheus E. Garbelini\u003c/b\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\u003cfont size =2\u003eThe Bluetooth Low Energy (BLE) is a promising short-range communication technology for Internet-of-Things (IoT) with reduced energy consumption. Vendors implement BLE protocols in their manufactured devices compliant to Bluetooth Core Specification. 
Recently, several vulnerabilities were discovered in the BLE protocol ...\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003ci\u003e\u003cimg width=\"30\" height=\"30\" src=\"image/USENIX.jpg\"\u003e \u003cb\u003eUSENIX Security 20\u003c/b\u003e\u003c/i\u003e\n\t\t\t\u003cbr\u003e\n\t\t\t[\u003cb\u003e\u003ca href=\"https://www.usenix.org/conference/atc20/presentation/garbelini\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://github.com/Charmve/BLE-Security-Attack-Defence/tree/master/03_SweynTooth\" target=\"_blank\"\u003e\u003cb\u003eCode\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://asset-group.github.io/disclosures/sweyntooth/\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e  | \u003ca href=\"https://www.youtube.com/watch?v=oty1yTdsEXs\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://www.usenix.org/system/files/atc20-paper43-slides-garbelini.pdf\" target=\"_blank\"\u003e\u003cb\u003eSlides\u003c/b\u003e\u003c/a\u003e]\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e6.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/embed/wIWZaSZsRc8\" target=\"_blank\"\u003e\u003cimg src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601458197/video_to_markdown/images/youtube--wIWZaSZsRc8-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy\" height=\"280\" width=\"6000\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eBLESA\u003c/b\u003e:  Spoofing Attacks against Reconnections in Bluetooth Low Energy \t\t\t\n\t\t\u003cbr\u003e\n\t\t\t\u003cb\u003eJianliang Wu, Yuhong Nan ..., Purdue University\u003c/b\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" 
\u003e\u003cfont size =2\u003eIn this paper, we analyze the security of the BLE link-layer, focusing on the scenario in which two previously-connected devices reconnect. Based on a formal analysis of the reconnection procedure defined by the BLE specification, we highlight two critical security weaknesses in the specification. As a result, even a device implementing the BLE protocol correctly may be vulnerable to spoofing attacks...\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003ci\u003e\u003cimg width=\"30\" height=\"30\" src=\"image/USENIX.jpg\"\u003e \u003cb\u003eWOOT '20\u003c/b\u003e\u003c/i\u003e\n\t\t\t\u003cbr\u003e\n\t\t\t[\u003cb\u003e\u003ca href=\"https://www.usenix.org/conference/woot20/presentation/wu\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://github.com/Charmve/mhaiyang.github.io/blob/master/ICME2020_MCERN/index.html\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e  | \u003ca href=\"https://www.youtube.com/watch?v=wIWZaSZsRc8\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e]\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\u003c/table\u003e\n\u003ctable\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e7.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/embed/uKqdb4lF0XU\" target=\"_blank\"\u003e\u003cimg src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601458318/video_to_markdown/images/youtube--uKqdb4lF0XU-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool\" height=\"100%\" width=\"3200\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eGattacking Bluetooth Smart Devices\u003c/b\u003e - Introducing a New BLE Proxy Tool \n\t\t\t\t\u003cbr\u003e\u003cb\u003eSlawomir 
Jasek\u003c/b\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\u003cfont size =2\u003eUsing a few simple tricks, we can assure the victim will connect to our impersonator device instead of the original one, and then just proxy the traffic - without consent of the mobile app or device. And here it finally becomes interesting - just imagine how many attacks you might be able to perform with the possibility to actively intercept the BLE communication....\u003c/font\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\n\t\t\t\t\u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e \u003ci\u003eBlack Hat 2016\u003c/i\u003e (\u003cb\u003eBlack Hat\u003c/b\u003e) \n\t\t\t  \u003cbr\u003e[\u003ca href=\"https://www.blackhat.com/docs/us-16/materials/us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool.pdf\" target=\"_blank\"\u003e\u003cb\u003eSlides\u003c/b\u003e\u003c/a\u003e]\n\t\t\t\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e8.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/embed/fASGU7Og5_4\" target=\"_blank\"\u003e\u003cimg src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1603432192/video_to_markdown/images/youtube--fASGU7Og5_4-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"BIAS: Bluetooth Impersonation AttackS\" height=\"100%\" width=\"3200\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eBIAS\u003c/b\u003e: Bluetooth Impersonation AttackS\n\t\t\t\u003cbr\u003e\n\t\t\t\u003cb\u003e Daniele Antonioli\u003c/b\u003e, \u003cb\u003eNils Ole Tippenhauer\u003c/b\u003e \u0026 \u003cb\u003eKasper Rasmussen\u003c/b\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\u003cfont size =2\u003eThe Bluetooth standard provides authentication mechanisms based on a long term pairing key, which are 
designed to protect against impersonation attacks. The BIAS attacks from \u003ca href=\"https://francozappa.github.io/publication/bias/paper.pdf\" target=\"_blank\"\u003eour new paper\u003c/a\u003e demonstrate that those mechanisms are broken, and that an attacker can exploit them to impersonate any Bluetooth master or slave device. Our attacks are standard-compliant, and can be combined with other attacks, including the \u003ca href=\"https://knobattack.com/\" target=\"_blank\"\u003eKNOB attack\u003c/a\u003e. In the paper, we also describe a low cost implementation of the attacks and our evaluation results on 30 unique Bluetooth devices using 28 unique Bluetooth chips.\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003ci\u003e📑 IEEE Symposium on Security and Privacy\u003c/i\u003e\n\t\t\t\u003cbr\u003e\n\t\t\t[\u003cb\u003e\u003ca href=\"https://francozappa.github.io/publication/bias/paper.pdf\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://francozappa.github.io/publication/bias/\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e  | \u003ca href=\"https://www.youtube.com/watch?v=fASGU7Og5_4\u0026feature=emb_logo\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://francozappa.github.io/publication/bias/slides.pdf\" target=\"_blank\"\u003e\u003cb\u003eSlides\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://github.com/francozappa/bias\" target=\"_blank\"\u003e\u003cb\u003ePoC\u003c/b\u003e\u003c/a\u003e]\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e9.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/embed/iH7VPUNz-dU\" target=\"_blank\"\u003e\u003cimg 
src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601458374/video_to_markdown/images/youtube--iH7VPUNz-dU-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"BLEKey: Breaking Access Controls With BLEKey\" height=\"100%\" width=\"3200\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eBLEKey\u003c/b\u003e: Breaking Access Controls With BLEKey \n\t\t\t\u003cbr\u003e\n\t\t\t\u003cb\u003e Eric Evenchick\u003c/b\u003e  \u0026  \u003cb\u003eMark Baseggio\u003c/b\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\u003cfont size =2\u003eRFID access controls are broken. In this talk, we will demonstrate how to break into buildings using open-source hardware we are releasing. Over the years, we have seen research pointing to deficiencies in every aspect of access control systems: the cards...\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003ci\u003e\u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e Black Hat 2016 (\u003cb\u003eBlack Hat\u003c/b\u003e) \u003c/i\u003e\n\t\t\t\u003cbr\u003e\n\t\t\t[\u003cb\u003e\u003ca href=\"\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\" \" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e  | \u003ca href=\"https://www.youtube.com/embed/iH7VPUNz-dU\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e]\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\u003c/table\u003e\n\u003ctable\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e10.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/embed/s79CG2Os0Nc\" target=\"_blank\"\u003e\u003cimg src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601458432/video_to_markdown/images/youtube--s79CG2Os0Nc-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"MASHaBLE: Mobile Applications of Secret Handshakes 
Over Bluetooth LE\" height=\"280\" width=\"6000\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eMASHaBLE\u003c/b\u003e: Mobile Applications of Secret Handshakes Over Bluetooth LE \n\t\t\t\u003cbr\u003e\n\t\t\t\u003cb\u003eYan Michalevsky\u003c/b\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\u003cfont size =2\u003eIn this talk, we present new applications for cryptographic secret handshakes between mobile devices on top of Bluetooth Low-Energy (LE). Secret handshakes enable mutual authentication between parties that did not meet before (and therefore don't trust each other) but are both associated with a virtual secret group or community...\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003ci\u003e\u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e Black Hat 2016 (\u003cb\u003eBlack Hat\u003c/b\u003e) \u003c/i\u003e\n\t\t\t\u003cbr\u003e\n\t\t\t[\u003cb\u003e\u003ca href=\"https://www.blackhat.com/docs/asia-17/materials/asia-17-Michalevsky-MASHABLE-Mobile-Applications-Of-Secret-Handshakes-Over-Bluetooth-LE-wp.pdf\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://www.blackhat.com/asia-17/briefings.html#mashable-mobile-applications-of-secret-handshakes-over-bluetooth-le\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e  | \u003ca href=\"https://www.youtube.com/watch?v=s79CG2Os0Nc\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e]\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e11.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/embed/X2ARyfjzxhY\" target=\"_blank\"\u003e\u003cimg 
src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601458478/video_to_markdown/images/youtube--X2ARyfjzxhY-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"Safe Mode Wireless Village - The Basics Of Breaking BLE v3\" height=\"280\" width=\"6000\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eSafe Mode Wireless Village\u003c/b\u003e - The Basics Of Breaking BLE v3 \n\t\t\t\u003cbr\u003e\n\t\t\t\u003cb\u003e FreqyXin\u003c/b\u003e\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\u003cfont size =2\u003eEvolving over the past twenty-two years, Bluetooth, especially Bluetooth Low Energy (BLE), has become the ubiquitous backbone ...\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003ci\u003e\u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e DefConference 2020 (\u003cb\u003eDEFCON\u003c/b\u003e) \u003c/i\u003e\n\t\t\t\u003cbr\u003e\n\t\t\t[\u003cb\u003e\u003ca href=\" \" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\" \" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e  | \u003ca href=\"https://www.youtube.com/watch?v=X2ARyfjzxhY\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e]\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e12.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/watch?v=v9Xg9XcnNh0\" target=\"_blank\"\u003e\u003cimg src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1605671088/video_to_markdown/images/youtube--v9Xg9XcnNh0-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"USENIX Security '19 - The KNOB is Broken: Exploiting Low Entropy in the Encryption Key\" height=\"280\" width=\"6000\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp 
align=\"center\"\u003e\u003cb\u003eKey Negotiation Of Bluetooth (KNOB)\u003c/b\u003e: Breaking Bluetooth Security\n\t\t\t\t\u003cbr\u003e\n\t\t\t\t\u003cb\u003eDaniele Antonioli, SUTD\u003c/b\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\u003cfont size =2\u003eWe present an attack on the encryption key negotiation protocol of Bluetooth BR/EDR. The attack allows a third party, without knowledge of any secret material (such as link and encryption keys), to make two (or more) victims agree on an encryption key with only 1 byte (8 bits) of entropy. Such low entropy enables the attacker to easily brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages (in real-time)....\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003ci\u003e\u003cimg width=\"30\" height=\"30\" src=\"image/USENIX.jpg\"\u003e \u003cb\u003eUSENIX Security 19\u003c/b\u003e\u003c/i\u003e\n\t\t\t\u003cbr\u003e\n\t\t\t[\u003cb\u003e\u003ca href=\"https://www.usenix.org/system/files/sec19-antonioli.pdf\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://knobattack.com/\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e  | \u003ca href=\"https://www.youtube.com/watch?v=v9Xg9XcnNh0\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://github.com/francozappa/knob/tree/master/poc-internalblue\" target=\"_blank\"\u003e\u003cb\u003ePoC\u003c/b\u003e\u003c/a\u003e]\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\u003c/table\u003e\n\u003ctable\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e13.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca href=\"https://www.youtube.com/embed/gCQ3iSy6R-U\" target=\"_blank\"\u003e\u003cimg 
src=\"https://res.cloudinary.com/marcomontalbano/image/upload/v1601458589/video_to_markdown/images/youtube--gCQ3iSy6R-U-c05b58ac6eb4c4700831b2b3070cd403.jpg\" alt=\"Bluetooth Reverse Engineering: Tools and Techniques\" height=\"320\" width=\"540\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003eBluetooth Reverse Engineering: Tools and Techniques\n\t\t\t\t\u003cbr\u003e\n\t\t\t\t\u003cb\u003eMike Ryan, Founder\u003c/b\u003e, ICE9 Consulting\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\n\t\t\t\t\u003cfont size =2\u003eWith the continuing growth of IoT, more and more devices are entering the market with Bluetooth. This talk will shed some light on how these devices use Bluetooth and will cover reverse engineering techniques that in many cases can be accomplished with hardware you already have! Whether you're a Bluetooth newbie or a seasoned pro, you’ll learn something from this talk....\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\n\t\t\t\t\u003cimg width=\"30\" height=\"30\" src=\"image/RSA_Conference.png\"\u003e \u003ci\u003eRSA Conference\u003c/i\u003e\n\t\t\t\t\u003cbr\u003e[\u003cb\u003e\u003ca href=\"https://www.blackhat.com/docs/asia-17/materials/asia-17-Michalevsky-MASHABLE-Mobile-Applications-Of-Secret-Handshakes-Over-Bluetooth-LE-wp.pdf\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://www.blackhat.com/asia-17/briefings.html#mashable-mobile-applications-of-secret-handshakes-over-bluetooth-le\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e  | \u003ca href=\"https://www.youtube.com/watch?v=gCQ3iSy6R-U\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e]\n\t\t\t\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\t\u003ctr\u003e\n\t\t\u003ctd\u003e\u003cfont size=\"4\"\u003e14.\u003c/font\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\u003ccenter\u003e\u003ca 
href=\"https://www.youtube.com/watch?v=QkGCP2mfbJ8\" target=\"_blank\"\u003e\u003cimg src=\"https://github.com/hexway/apple_bleee/raw/master/img/status_gif.gif\" alt=\"Apple bleee\" height=\"320\" width=\"540\" /\u003e\u003c/a\u003e\u003c/center\u003e\u003c/td\u003e\n\t\t\u003ctd\u003e\n\t\t\t\u003cp align=\"center\"\u003e\u003cb\u003eApple bleee\u003c/b\u003e: What happens on your iPhone, stays on your iPhone\n\t\t\t\t\u003cbr\u003e\n\t\t\t\t\u003cb\u003eJeremy Martin*,\u003c/b\u003e Douglas Alpuche, Kristina Bodeman\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"left\" \u003e\n\t\t\t\t\u003cfont size =2\u003eHandoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol ....\u003c/font\u003e\n\t\t\t\u003c/p\u003e\n\t\t\t\u003cp align=\"center\"\u003e\n\t\t\t\t\u003cimg width=\"30\" height=\"30\" src=\"https://user-images.githubusercontent.com/29084184/128975720-f5d43ba0-9b5a-45f5-9ac8-49f507467c6b.png\"\u003e \u003ci\u003eApple bleee\u003c/i\u003e\n\t\t\t\t\u003cbr\u003e[\u003cb\u003e\u003ca href=\"https://arxiv.org/pdf/1904.10600.pdf\" target=\"_blank\"\u003ePDF\u003c/a\u003e\u003c/b\u003e | \u003ca href=\"https://hexway.io/research/apple-bleee/\" target=\"_blank\"\u003e\u003cb\u003eProject Page\u003c/b\u003e\u003c/a\u003e  | \u003ca href=\"https://www.youtube.com/watch?v=Bi602yAIBAw\" target=\"_blank\"\u003e\u003cb\u003eVideo\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://github.com/hexway/apple_bleee\" target=\"_blank\"\u003e\u003cb\u003ePoC\u003c/b\u003e\u003c/a\u003e | \u003ca href=\"https://www.mac4n6.com/blog/2018/12/3/airdrop-analysis-of-the-udp-unsolicited-dick-pic\" target=\"_blank\"\u003e\u003cb\u003eAnalysis\u003c/b\u003e\u003c/a\u003e]\n\t\t\t\u003c/p\u003e\n\t\t\u003c/td\u003e\n\t\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003cbr\u003e\n\t\n[research]: https://cdn4.iconfinder.com/data/icons/48-bubbles/48/12.File-32.png \"Research\"\n[slides]: 
https://cdn3.iconfinder.com/data/icons/tango-icon-library/48/x-office-presentation-32.png \"Slides\"\n[video]: https://cdn2.iconfinder.com/data/icons/snipicons/500/video-32.png \"Video\"\n[web]: https://cdn3.iconfinder.com/data/icons/tango-icon-library/48/internet-web-browser-32.png \"Website or blog post\"\n[code]: https://cdn2.iconfinder.com/data/icons/snipicons/500/application-code-32.png \"Code\"\n[other]: https://cdn3.iconfinder.com/data/icons/tango-icon-library/48/emblem-symbolic-link-32.png \"Uncategorized\"\n\n### Legend:\n|Type| Icon|\n|---|---|\n| Research  | ![][research]|\n| Slides  | ![][slides] |\n| Video | ![][video]  |\n| Website / Blog post  | ![][web]  |\n| Code  | ![][code]|\n| Other  | ![][other]|\n\n\u003cbr\u003e\n\n## [▲](#table-of-content) Adversarial examples\n| Type | Title| Categories |\n|---|:---|---|\n|![][video]  | [\u003cb\u003eBlueBorne\u003c/b\u003e - A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device](https://www.youtube.com/watch?v=WWQTlogqF1I)  | \u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e \u003ci\u003eBlack Hat 2017\u003c/i\u003e |\n|![][video]  | [Hack.lu 2016 \u003cb\u003eBtleJuice\u003c/b\u003e: the Bluetooth Smart Man In The Middle Framework by Damien Cauquil](https://www.youtube.com/watch?v=G08fh5Sa7TU)| \u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e \u003ci\u003eBlack Hat 2016\u003c/i\u003e |\n|![][video]  | [\u003cb\u003eMASHaBLE\u003c/b\u003e: Mobile Applications of Secret Handshakes Over Bluetooth LE](https://www.youtube.com/watch?v=s79CG2Os0Nc)| \u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e \u003ci\u003eBlack Hat 2017\u003c/i\u003e |\n|![][video]  | [Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol \u003cb\u003eFuzzing\u003c/b\u003e](https://www.youtube.com/watch?v=NDWGwrMk3AU)| \u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e \u003ci\u003eBlack Hat 2017\u003c/i\u003e 
|\n|![][video]  | [Effective File Format \u003cb\u003eFuzzing\u003c/b\u003e – Thoughts, Techniques and Results](https://www.youtube.com/watch?v=qTTwqFRD1H8)| \u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e \u003ci\u003eBlack Hat 2016\u003c/i\u003e |\n|![][video]  | [Hacking the Wireless World with Software Defined Radio - 2.0](https://www.youtube.com/watch?v=x3UUazj0tkg)| \u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e \u003ci\u003eBlack Hat 2014\u003c/i\u003e |\n|![][video]  | [Hacking the Wireless World with Software Defined Radio - 2.0+](https://www.youtube.com/watch?v=MKbU3HhG2vk)| \u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e \u003ci\u003eBlack Hat 2015 \u003c/i\u003e |\n|![][video]  | [DEF CON 26 - Damien virtualabs Cauquil - You had better secure your BLE devices](https://www.youtube.com/watch?v=VHJfd9h6G2s\u0026t=646s)| \u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e DEFCON |\n|![][video]  | [DEF CON 24 Wireless Village - Jose Gutierrez and Ben Ramsey - How Do I BLE Hacking](https://www.youtube.com/watch?v=oP6sx2cObrY)| \u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e DEFCON |\n|![][video]  | [DEF CON Safe Mode Wireless Village - FreqyXin - The Basics Of Breaking](https://www.youtube.com/watch?v=X2ARyfjzxhY)|\u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e DEFCON |\n|![][video]  | [DEF CON 26 - Vincent Tan - Hacking BLE Bicycle Locks for Fun and a Small Profit](https://www.youtube.com/watch?v=O-caTVpHWoY)|\u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e DEFCON |\n|![][video]  | [DEF CON 26 WIRELESS VILLAGE - ryan holeman - BLE CTF](https://www.youtube.com/watch?v=lx5MAOyu9N0)|\u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e DEFCON |\n|![][video]  | [DEF CON 21 - Ryan Holeman - The Bluetooth Device Database](https://www.youtube.com/watch?v=BqiIERArnA8)|\u003cimg width=\"30\" height=\"30\" 
src=\"image/DEFCON.jpg\"\u003e DEFCON |\n|![][video]  | [DEF CON 22 - Grant Bugher - Detecting Bluetooth Surveillance Systems](https://www.youtube.com/watch?v=85uwy0ACJJw)|\u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e DEFCON |\n|![][video]  | [KnighTV Episode 11: Hacking BLe Devices Part 1/6: Attacking August Smart Lock Pro](https://www.youtube.com/watch?v=3e4DBk5BKLg)| Tutorial |\n|![][video]  | [Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool](https://www.youtube.com/watch?v=uKqdb4lF0XU\u0026list=LLxFkZjbpt0KyhEv1d342SQQ\u0026index=6)| \u003cimg width=\"30\" height=\"30\" src=\"image/BlackHat.jpg\"\u003e \u003ci\u003eBlack Hat 2016\u003c/i\u003e |\n|![][video]  | [Bluetooth Reverse Engineering: Tools and Techniques](https://www.youtube.com/watch?v=gCQ3iSy6R-U)| \u003cimg width=\"30\" height=\"30\" src=\"image/RSA_Conference.png\"\u003e \u003ci\u003eRSA Conference 2019\u003c/i\u003e |\n|![][video]  | [Hopping into Enterprise Networks from Thin Air with BLEEDINGBIT](https://www.youtube.com/watch?v=ASod9cRtZf4)| \u003cimg width=\"30\" height=\"30\" src=\"image/RSA_Conference.png\"\u003e \u003ci\u003eRSA Conference 2019\u003c/i\u003e |\n|![][research]  | \u003cins\u003eVulnerability alert \\| BleedingBit Bluetooth chip remote code execution vulnerability\u003c/ins\u003e [Analysis 1](https://www.anquanke.com/post/id/163307) \\| [Analysis 2](https://www.secpulse.com/archives/78841.html)| Analysis |\n|![][video]  | [BA03 Breaking the Teeth of Bluetooth Padlocks Adrian Crenshaw](https://www.youtube.com/watch?v=k8Tp5hj6ylY)| ShowMeCon 2016 |\n|![][video]  | [The NSA Playset Bluetooth Smart Attack Tools](https://www.youtube.com/watch?v=_Z4gYyrKVFM)| \u003cimg width=\"30\" height=\"30\" src=\"image/DEFCON.jpg\"\u003e DEFCON |\n\n\u003c!--\n\u003cdiv align=\"center\"\u003e\n    \u003ca href=\"https://github.com/Charmve/\"\u003e\u003cimg src=\"image.jpg\"\u003e\u003c/a\u003e\n\u003c/div\u003e\n\u003cbr\u003e\n---\u003e\n\n## [▲](#table-of-content) To-Do\n- 2020.10 \u003ca 
href=\"https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq\" target=\"_blank\"\u003e\u003cb\u003eBleedingTooth\u003c/b\u003e\u003c/a\u003e  CVE-2020-12351 CVE-2020-12352 CVE-2020-24490\u003cbr\u003e\n- 2020.04 \u003ca href=\"https://francozappa.github.io/about-bias/\" target=\"_blank\"\u003e\u003cb\u003eBIAS\u003c/b\u003e\u003c/a\u003e CVE-2020-10135\u003cbr\u003e\n- 2020.03 \u003ca href=\"https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq\" target=\"_blank\"\u003e\u003cb\u003eBluewave\u003c/b\u003e\u003c/a\u003e CVE-2020-3848 CVE-2020-3849 CVE-2020-3850\u003cbr\u003e\n- 2020.03 \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2020-15802\" target=\"_blank\"\u003e\u003cb\u003eBLURtooth\u003c/b\u003e\u003c/a\u003e CVE-2020-15802\u003cbr\u003e\n- 2020.03 \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2020-9770\" target=\"_blank\"\u003eBLESA\u003c/a\u003e CVE-2020-9770\u003cbr\u003e\n- 2020.03 \u003ca href=\"https://knobattack.com/\" target=\"_blank\"\u003eKNOB\u003c/a\u003e CVE-2019-9506\u003cbr\u003e\n\n## Code of Conduct\n\n[Disclaimer / Code of Conduct](Code-of-Conduct.md)\n        \n## Citation\nUse this bibtex to cite this repository:\n```\n@misc{BLE-Security,\n  title={Bluetooth LE-Security: Method, Tools and Stack},\n  author={Charmve},\n  year={2020.09},\n  publisher={GitHub},\n  journal={GitHub repository},\n  howpublished={\\url{https://github.com/Charmve/BLE-Security-Attack-Defence}},\n}\n```\n\u003cstrong\u003e*updated on 2021/08/05\u003c/strong\u003e @ \u003ca href=\"https://github.com/Charmve\" target=\"_blank\"\u003e\u003cb\u003eCharmve\u003c/b\u003e\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcharmve%2Fble-security-attack-defence","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcharmve%2Fble-security-attack-defence","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcharmve%2Fble-security-attack-defence/lists"}