Notable Vulnerabilities
Vulnerability name
Conference & Year published
Vulnerability website URL
Paper URL
Video URL
SIG Notice
Technology Impacted
Related CVE
CVE-2017-8628, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-1000410
CVE-2018-7080, CVE-2018-16986
Fixed Coordinate Invalid Curve Attack
CVE-2019-16336, CVE-2019-17060, CVE-2019-17061, CVE-2019-17517, CVE-2019-17518, CVE-2019-17519, CVE-2019-17520, CVE-2019-19192, CVE-2019-19193, CVE-2019-19194, CVE-2019-19195, CVE-2019-19196, CVE-2020-10061, CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595
CVE-2019-15063, CVE-2020-10367, CVE-2020-10368, CVE-2020-10369, CVE-2020-10370
CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560
CVE-2021-28135, CVE-2021-28136, CVE-2021-28139, CVE-2021-28155, CVE-2021-31717, CVE-2021-31609, CVE-2021-31611, CVE-2021-31612, CVE-2021-31613, CVE-2021-31785, CVE-2021-31786, CVE-2021-31610, CVE-2021-34143, CVE-2021-34144, CVE-2021-34145, CVE-2021-34146, CVE-2021-34147, CVE-2021-34148, CVE-2021-34149, CVE-2021-34150
Conference Talks
2003
2004
2005
2006
2007
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
Scanners & Sniffers
Fuzzing
Firmware Analysis
Man-in-the-middle & Packet Injection
Device Spoofing
Denial of Service
Honeypot
Android Apps
Hardware
Other
Primary Reference Materials
Useful Sites
DEF CON 11 - Bruce Potter - Bluetooth - The Future of Wardriving
21C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking
Black Hat USA 2004 - Adam Laurie, Martin Herfurt - BlueSnarfing The Risk From Digital Pickpockets
22C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking - The State of The Art
23C3 - Thierry Zoller, Kevin Finistere - Bluetooth Hacking Revisited
Black Hat USA 2006 - Bruce Potter - Bluetooth Defense Kit Black Hat
DeepSec 2007 - Marcel Holtmann - New Security Model of Bluetooth 2.1
DEF CON 17 - Dominic Spill, Michael Ossmann, and Mark Steward - Bluetooth Smells like Chicken
Shmoocon 2009 - Bluetooth-Ossman.m4v
Shmoocon 2010 - Michael Ossmann - Bluetooth Keyboards: Who Owns Your Keystrokes?
DEF CON 18: Breaking Bluetooth by Being Bored 1/3
ShmooCon 2011 - Project Ubertooth: Building a Better Bluetooth Adapter
DeepSec 2011 - Tommi Makila & Jukka Taimisto: Intelligent Bluetooth Fuzzing - Why bother?
Ruxcon 2012 - Dominic Spill - Bluetooth Packet Sniffing Using Project Ubertooth
Toorcon 2012 - Hacking Bluetooth Low Energy: I Am Jack's Heart Monitor
DEF CON 20 - Passive Bluetooth Monitoring in Scapy
USENIX WOOT 2013 - Mike Ryan - Bluetooth: With Low Energy Comes Low Security
ShmooCon 9 - How Smart Is Bluetooth Smart?
Black Hat USA 2013 - Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix!
DeepSec 2013 - Veronica Valeros & Sebastian Garcia: Uncovering your Trails - Privacy Issues of Bluetooth Devices
CanSecWest 2014 - Outsmarting Bluetooth Smart
DEF CON 22 - The NSA Playset Bluetooth Smart Attack Tools
DEF CON 22 - Grant Bugher - Detecting Bluetooth Surveillance Systems
DEF CON 23 - Mike Ryan and Richo Healey - Hacking Electric Skateboards
DEF CON 24 - Anthony Rose, Ben Ramsey - Picking Bluetooth Low Energy Locks a Quarter Mile Away
DEF CON 24 - Realtime Bluetooth Device Detection with Blue Hydra
DEF CON 24 Internet of Things Village - Damien Cauquil - BtleJuice: The Bluetooth Smart MitM Framework
Black Hat USA 2016 - Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool
Hack.lu 2016 - Damien Cauquil - BtleJuice: the Bluetooth Smart Man In The Middle Framework
EMF16 - Michael Ossmann - My Ubertooth Year
Black Hat Europe 2017 - Ben Seri, Gregory Vishnepolsky - BlueBorne - A New Class of Airborne Attacks
DEF CON 26 - Damien Cauquil - You had better secure your BLE devices
35C3 - Dennis Mantz and Jiska Classen - Dissecting Broadcom Bluetooth
MRMCD2018 - Dennis Mantz and Jiska Classen - A Deep Dive into Bluetooth Controller Firmware
Black Hat Europe 2018 - Ben Seri, Dor Zusman - BLEEDINGBIT Your APs Belong to Us
DEF CON 27 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming
USENIX Security '19 - Pallavi Sivakumaran - A Study of the Feasibility of Co-located App Attacks against BLE
RSA 2019 - Mike Ryan - Bluetooth Reverse Engineering: Tools and Techniques
Hardwear.io USA 2019 - Mike Ryan - Bluetooth Hacking: Tools And Techniques
Hardwear.io Netherlands 2019 - Sultan Qasim Khan - Sniffle: A low-cost sniffer for Bluetooth 5
MRMCD2019 - Dennis Mantz and Jiska Classen - Playing with Bluetooth
BruCON 0x0B - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for fun and jamming
Hack.LU 2019 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG For Fun And Jamming
CyberCamp19 - Pablo González - Audit and hacking to Bluetooth Low-Energy (BLE) devices
Hardwear.io Virtual Con 2020 - Daniele Antonioli - From Bluetooth Standard to Standard Compliant 0-days
DEF CON 28 - Jiska Classen and Francesco Gringoli - Spectra — New Wireless Escalation Targets
DEF CON 28 - Maxine Filcher - The Basics Of Breaking BLE v3
USENIX WOOT 2020 - Jianliang Wu - BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy
USENIX WOOT 2020 - Dennis Heinze, Jiska Classen, Matthias Hollick - ToothPicker: Apple Picking in the iOS Bluetooth Stack
USENIX 2020 - Yue Zhang - Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks
Black Hat Europe 2020 - Wang Yu - Please Make a Dentist Appointment ASAP: Attacking IOBluetoothFamily HCI and Vendor-Specific Commands
Ekoparty 2020 - Cecilia Pastorino and Dan Borgogno - Bluetooth Low Energy Hacking 101
rC3 2020 - Jiska Classen - Exposure Notification Security
CCC #DiVOC2020 - Jiska Classen - Finding Eastereggs in Broadcom's Bluetooth Random Number Generator
CCC #DiVOC2020 - Jan Ruge - No PoC? No Fix! - A sad Story about Bluetooth Security
WOOT2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Reflections on Bluetooth Pairing and Provisioning Protocols
Hardwear.io NL 2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Defeating Authentication In Bluetooth Protocols
BlueZ (l2ping, gatttool, hciconfig, hcidump, hcitool, sdptool, bccmd, bluetoothctl, etc.)
bleah (deprecated, replaced by Bettercap)
Nordic Semiconductor nRF-51 Development Kit
Frontline Bluetooth Tools
Wireshark: Protocol analyzer and packet capture
Frontline Wireless Protocol Suite (Windows only)
Uberducky (BLE-triggered rubber ducky)
CarWhisperer: Bluetooth sniffer for in-vehicle connections
BLEBoy: BLE testing platform
Bluetooth Core Specifications
NIST Special Publication (SP) 800-121 revision 2
Bluetooth arsenal tool list
Mike Ryan's Bluetooth info
Collin Mulliner's Bluetooth info
BlackArch Linux tool list
Bluetooth pen test framework