Bluetooth Security
Last updated
Last updated
| Vulnerability name | Conference & Year published | Vulnerability website URL | Paper URL | Video URL | SIG Notice | Technology Impacted | Related CVE |
|---|---|---|---|---|---|---|---|
DEF CON 11 - Bruce Potter - Bluetooth - The Future of Wardriving Video
21C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking Video
Black Hat USA 2004 - Adam Laurie, Martin Herfurt - BlueSnarfing The Risk From Digital Pickpockets Video
22C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking - The State of The Art Video
23C3 - Thierry Zoller, Kevin Finistere - Bluetooth Hacking Revisited Video
Black Hat USA 2006 - Bruce Potter - Bluetooth Defense Kit Black Hat Video
DeepSec 2007 - Marcel Holtmann - New Security Model of Bluetooth 2.1 Video
DEF CON 17 - Dominic Spill, Michael Ossmann, and Mark Steward - Bluetooth Smells like Chicken Video
Shmoocon 2009 - Bluetooth-Ossman.m4v Video
Shmoocon 2010 - Michael Ossmann - Bluetooth Keyboards: Who Owns Your Keystrokes? Video
DEF CON 18: Breaking Bluetooth by Being Bored 1/3 Video
ShmooCon 2011 - Project Ubertooth: Building a Better Bluetooth Adapter Video
DeepSec 2011 - Tommi Makila & Jukka Taimisto: Intelligent Bluetooth Fuzzing - Why bother? Video
Ruxcon 2012 - Dominic Spill - Bluetooth Packet Sniffing Using Project Ubertooth Video
Toorcon 2012 - Hacking Bluetooth Low Energy: I Am Jack's Heart Monitor Video
DEF CON 20 - Passive Bluetooth Monitoring in Scapy Video
USENIX WOOT 2013 - Mike Ryan - Bluetooth: With Low Energy Comes Low Security Video
ShmooCon 9 - How Smart Is Bluetooth Smart? Video
Black Hat USA 2013 - Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix! Video
DeepSec 2013 - Veronica Valeros & Sebastian Garcia: Uncovering your Trails - Privacy Issues of Bluetooth Devices Video
CanSecWest 2014 - Outsmarting Bluetooth Smart Video
DEF CON 22 - The NSA Playset Bluetooth Smart Attack Tools Video
DEF CON 22 - Grant Bugher - Detecting Bluetooth Surveillance Systems Video
DEF CON 23 - Mike Ryan and Richo Healey - Hacking Electric Skateboards Video
DEF CON 24 - Anthony Rose, Ben Ramsey - Picking Bluetooth Low Energy Locks a Quarter Mile Away Video
DEF CON 24 - Realtime Bluetooth Device Detection with Blue Hydra Video
DEF CON 24 Internet of Things Village Damien Cauquil Btlejuice The Bluetooth Smart Mitm Framework Video
Black Hat USA 2016 - Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool Video
Hack.lu 2016 - Damiel Cauquil - BtleJuice: the Bluetooth Smart Man In The Middle Framework Video
EMF16 - Michael Ossmann - My Ubertooth Year Video
Black Hat Europe 2017 - Ben Seri, Gregory Vishnepolsky - BlueBorne - A New Class of Airborne Attacks Video
DEF CON 26 - Damien Cauquil - You had better secure your BLE devices Video
35C3 - Dennis Mantz and Jiska Classen - Dissecting Broadcom Bluetooth Video
MRMCD2018 - Dennis Mantz and Jiska Classen - A Deep Dive into Bluetooth Controller Firmware Video
Black Hat Europe 2018 - Ben Seri, Dor Zusman - BLEEDINGBIT Your APs Belong to Us Video
DEF CON 27 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming Video
USENIX Security '19 - Pallavi Sivakumaran - A Study of the Feasibility of Co-located App Attacks against BLE Video
RSA 2019 - Mike Ryan - Bluetooth Reverse Engineering: Tools and Techniques Video
Hardwear.io USA 2019 - Mike Ryan - Bluetooth Hacking: Tools And Techniques Video
Hardwear.io Netherlands 2019 - Sultan Qasim Khan - Sniffle: A low-cost sniffer for Bluetooth 5 Video
MRMCD2019 - Dennis Mantz and Jiska Classen - Playing with Bluetooth Video
BruCON 0x0B - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for fun and jamming Video
Hack.LU 2019 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG For Fun And Jamming Video
CyberCamp19 - Pablo González - Audit and hacking to Bluetooth Low-Energy (BLE) devices Video
Hardwear.io Virtual Con 2020 - Daniele Antonioli - From Bluetooth Standard to Standard Compliant 0-days Video
DEF CON 28 - Jiska Classen and Francesco Gringoli - Spectra — New Wireless Escalation Targets Video
DEF CON 28 - Maxine Filcher - The Basics Of Breaking BLE v3 Video
USENIX WOOT 2020 - Jianliang Wu - BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy Video
USENIX WOOT 2020 - Dennis Heinze, Jiska Classen, Matthias Hollick - ToothPicker: Apple Picking in the iOS Bluetooth Stack Video
USENIX 2020 - Yue Zhang - Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks Video
Black Hat Europe 2020 - Wang Yu - Please Make a Dentist Appointment ASAP: Attacking IOBluetoothFamily HCI and Vendor-Specific Commands Video
Ekoparty 2020 - Cecilia Pastorino and Dan Borgogno - Bluetooth Low Energy Hacking 101 Video
rC3 2020 - Jiska Classen - Exposure Notification Security Video
CCC #DiVOC2020 - Jiska Classen - Finding Eastereggs in Broadcom's Bluetooth Random Number Generator Video
CCC #DiVOC2020 - Jan Ruge - No PoC? No Fix! - A sad Story about Bluetooth Security Video
WOOT2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Reflections on Bluetooth Pairing and Provisioning Protocols Video
Hardwear.io NL 2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Defeating Authentication In Bluetooth Protocols Video
BlueZ (l2ping, gatttool, hciconfig, hcidump, hcitool, sdptool, bccmd, bluetoothctl, etc.) Link
BTLEmap Github
Sniffle Github
Bettercap Github
sparrow-wifi Github
bluelog Github
btsniffer Github
Blue Hydra Github
btlesniffer Github
btscanner Link
BT Audit Link
redfang Gitlab
bleah (deprecated, replaced by Bettercap) Github
Btlejack Github
crackle Github
btcrack Github
BLE-Replay Github
BLESuite-CLI Github
BlueMaho Gitlab
BlueDiving Sourceforge
Blooover Link
l2ping (BlueSmack DoS) Link
hidattacl Link
Blue Deauth Github
bluepot Github
nRF Connect for Mobile Google Play
Nordic Semiconductor nRF-51 Development Kit Link
Sena UD-100 (~$39) Link
Ubertooth One (~$120) Link
Ellisys Bluetooth Tools Link
Frontline Bluetooth Tools Link
Wireshark: Protocol analyzer and packet capture Link
Frontline Wireless Protocol Suite (Windows only) Link
Uberducky (BLE-triggered rubber ducky) Github
CarWhisperer: Bluetooth sniffer for in-vehicle connections Link
BLEBoy: BLE testing platform Github
Bluetooth Core Specifications Link
NIST Special Publication (SP) 800-121 revision 2 Link
BlueBorne
Black Hat Europe 2017
No Notice
BR/EDR
CVE-2017-8628, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-14315, CVE-2017-1000410
Bleedingbit
2018
No Notice
LE
CVE-2018-7080, CVE-2018-16986
Fixed Coordinate Invalid Curve Attack
2018
No Video
BR/EDR/LE
CVE-2018-5383
SweynTooth
2019
No Notice
LE
CVE-2019-16336, CVE-2019-17060, CVE-2019-17061, CVE-2019-17517, CVE-2019-17518, CVE-2019-17519, CVE-2019-17520, CVE-2019-19192, CVE-2019-19193, CVE-2019-19194, CVE-2019-19195, CVE-2019-19196, CVE-2020-10061, CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595
KNOB
USENIX 2019
BR/EDR
CVE-2019-9506
BIAS
IEEE S&P 2020
BR/EDR
CVE-2020-10135
Pairing Method Confusion
2020
No Video
BR/EDR/LE
CVE-2020-10134
BlueFrag
2020
No Paper
No Video
No Notice
Android
CVE-2020-0022
Spectra
Black Hat USA 2020
TBD
No Notice
WiFi+BT modules
CVE-2019-15063, CVE-2020-10367, CVE-2020-10368, CVE-2020-10369, CVE-2020-10370
BLURtooth
2020
No site
No Paper
No Video
BR/EDR+LE
CVE-2020-15802
BLESA
WOOT 2020
No Notice
LE
CVE-2020-9770
BleedingTooth
2020
No Notice
Linux
CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
BlueMirror
WOOT 2021
BR/EDR/LE/Mesh
CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560
InjectaBLE
IEEE DSN 2021
No Video
LE
CVE-2021-31615
BrakTooth
2021
No Notice
BR/EDR
CVE-2021-28135, CVE-2021-28136, CVE-2021-28139, CVE-2021-28155, CVE-2021-31717, CVE-2021-31609, CVE-2021-31611, CVE-2021-31612, CVE-2021-31613, CVE-2021-31785, CVE-2021-31786, CVE-2021-31610, CVE-2021-34143, CVE-2021-34144, CVE-2021-34145, CVE-2021-34146, CVE-2021-34147, CVE-2021-34148, CVE-2021-34149, CVE-2021-34150