This article is part of the IoT article series that demonstrates how IoT devices can be hacked – some mitigations are recommended at the end of the article. Today we will talk about the security posture of a smart lock, which features fingerprint and wireless unlocking. We will analyze the communication between an android application…
In this article, we will try to reverse engineer the application to acquire the required characteristics needed to set up a rogue BLE peripheral. The goal is to find how to simulate the real device without having the device itself, explore the communication protocol and the kind of exchanged data. Then, we will be able…
Use BLE:Bit tool to PenTest IoT devices. We provide full guidance and an android app for the lazy ones. Pentest IoT with BLE:Bit Use BLE:Bit to pentest new IoT devices. We provide a full guide for Bluetooth Low Energy.Receive Guidance for SDK and Android ApplicationBLE:Bit is currently the state of the art in Bluetooth Low…
Introduction to Bluetooth Low Energy – 50.000 ft: Bluetooth Low Energy (BLE) is based on Bluetooth classic. However, in Bluetooth low energy protocol, energy matters more than anything else! The BLE protocol is based on the most basic and important principle: low power consumption. A BLE device can be powered for a year; non-stop, by…
Introduction This article is part of a series which educates people on how to properly conduct a penetration test on IoT devices. The IoT Pentest Series will start the hacking journey with Bluetooth Low Energy protocol. This article analyzes a commercial padlock and discusses the different phases a penetration tester shall follow when pen-testing a…
BLE:Bit : The first of its kind Bluetooth Low Energy Penetration Testing Security Assessment Device. What is BLE:Bit – The state of the art in Bluetooth Low Energy Hacking Often penetration testers wish to make a quick check, automated check of IoT devices that support multiple protocols. There are different stacks and libraries that can be…
The goal of this article is to educate how to properly configure BLE:Bit by using the BLE:Bit sdk v1.5, in order to build a high-level brute-force device in case the target peripheral, is using a static key – a very possible scenario, especially when the pairing method is display-only. This kind of attack is very…
