A Practical Introduction To BLE Security [HITB2021SIN]

Register by Aug 10 to ensure you receive your hardware pack on time for this hands-on training!

This is likely the most exhaustive and up-to-date training regarding BLE security. And it has been prepared for remote hands-on participation.

Each attendee will receive a hardware pack of 200 USD value, shipped in advance (therefore, please register as soon as possible!). The hardware  includes among others a preconfigured Android smartphone, BLE sniffer, BLE dedicated training device and Raspberry Pi (details below). With the specially arranged setup, participants will be able to perform hands-on practical exercises not only during virtual session but also any time later.

Bluetooth Low Energy is one of the most commonly used and rapidly growing IoT technologies. We are immersed in surrounding BLE signals: starting with COVID-19 contact tracing apps, through beacons, wearables, TVs, home appliances, toothbrushes, sex toys up to smart locks, medical devices and banking tokens. Unfortunately the prevalence of technology does not come with its security, resulting in alarming vulnerabilities revealed day by day. And yet, the knowledge on how to comprehensively assess security of such devices still remains rather uncommon.

This is probably the most exhaustive and up to date training regarding BLE security. Multiple hands-on exercises cover BLE sniffing, MITM, relay, jamming, hijacking, cracking, proprietary protocols, logic vulnerabilities in many real devices (dozen smart locks, U2F or banking authentication tokens, mobile PoS). And what’s best: all the hardware required is included and shipped to you in advance! Most exercises will be performed on specially developed, included training BLE device to attack, but you will also have possibility to remotely hack real ones (like smart locks) – using BLE relay proxy via Internet. You will finish the training being able not only to fully assess and compromise BLE devices, but also with the equipment to do it.

Each student will receive:

• Course materials – about 1000 pages, step by step instructions and videos
• All required additional files: source code, documentation, installation binaries, virtual machine images
• Included hardware pack of about 200 USD value for hands-on exercises, consisting of:
• Preconfigured Android smartphone with all the required applications and possibility for BLE packets capture
• Raspberry Pi (+microSD card and power adapter), with assessment tools and “hackme”.
• 2x Bluetooth 4 development board: 1 acting as sniffer (nRF, Btlejack), 1 as dedicated BLE device to interact and attack
• Bluetooth 4/5 nRF52 development board in a form of USB dongle
• ST-Link V2 SWD debugger for programming nRF boards
• 2 x Bluetooth Low Energy USB dongles
• Bluetooth 5 USB dongle