BLE-Security-Attack-Defence

✨ Purpose only! The dangers of Bluetooth Low Energy (BLE) implementations: unveiling zero-day vulnerabilities and security flaws in modern Bluetooth LE stacks.

BSD-2-CLAUSE License


✨ News! ✨

  •   2020.10.13: A heap-based type confusion affecting Linux kernel 4.8 and higher was discovered in net/bluetooth/l2cap_core.c by Google Security Research!
  •   2020.03.26: A memory corruption issue was addressed with improved input validation, reported by Qihoo 360 Alpha Lab!

BLE Vulnerability TOP5

  • BlueBorne
  • BleedingBit
  • SweynTooth
  • BtleJuice
  • BLE-CTF

Table of Contents

📂 BLE-Security-Attack&Defence
 |-- 📂 BLE Vulnerability TOP5
 |  |-- 📂 BlueBorne
 |  |-- 📂 BleedingBit
 |  |-- 📂 SweynTooth
 |  |-- 📂 BtleJuice
 |  |-- 📂 BLE-CTF
 |-- 📂 ble-stack
 |  |-- 📂 Mynewt-Nimble
 |  |-- 📂 nRF5_SDK_15.0.0_a53641a
 |  |-- 📂 PyBluez
 |  |-- 📂 LightBlue
 |-- 📂 cap - capture package
 |  |-- 📂 CrackLE
 |  |-- 📂 TI-BLTE2Pcap
 |  |-- 📂 blefuzz_V21
 |  |-- 📂 Fuzzing Bluetooth
 |-- 📂 image
 |-- 📂 tools - hardware&software
 |  |-- 📂 Ubertooth
 |  |-- 📂 GATTacker
 |  |-- 📂 BladeRF
 |  |-- 📂 HackRF
 |  |-- 📂 Adafruit-BluefruitLE
 ...

Bluetooth LE Vulnerabilities

Legend (resource type icons):

  • Research
  • Slides
  • Video
  • Website / Blog post
  • Code
  • Other

Adversarial examples

| Title | Category |
|---|---|
| BlueBorne - A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device | Black Hat 2017 |
| Hack.lu 2016 BtleJuice: the Bluetooth Smart Man In The Middle Framework by Damien Cauquil | Black Hat 2016 |
| MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE | Black Hat 2017 |
| Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing | Black Hat 2017 |
| Effective File Format Fuzzing: Thoughts, Techniques and Results | Black Hat 2016 |
| Hacking the Wireless World with Software Defined Radio - 2.0 | Black Hat 2014 |
| Hacking the Wireless World with Software Defined Radio - 2.0+ | Black Hat 2015 |
| DEF CON 26 - Damien "virtualabs" Cauquil - You had better secure your BLE devices | DEFCON |
| DEF CON 24 Wireless Village - Jose Gutierrez and Ben Ramsey - How Do I BLE Hacking | DEFCON |
| DEF CON Safe Mode Wireless Village - FreqyXin - The Basics Of Breaking | DEFCON |
| DEF CON 26 - Vincent Tan - Hacking BLE Bicycle Locks for Fun and a Small Profit | DEFCON |
| DEF CON 26 Wireless Village - Ryan Holeman - BLE CTF | DEFCON |
| DEF CON 21 - Ryan Holeman - The Bluetooth Device Database | DEFCON |
| DEF CON 22 - Grant Bugher - Detecting Bluetooth Surveillance Systems | DEFCON |
| KnighTV Episode 11: Hacking BLE Devices Part 1/6: Attacking August Smart Lock Pro | Tutorial |
| Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool | Black Hat 2016 |
| Bluetooth Reverse Engineering: Tools and Techniques | RSA Conference 2019 |
| Hopping into Enterprise Networks from Thin Air with BLEEDINGBIT | RSA Conference 2019 |
| Vulnerability alert: BleedingBit Bluetooth chip remote code execution vulnerability (Analysis 1 / Analysis 2) | Analysis |
| BA03 Breaking the Teeth of Bluetooth Padlocks - Adrian Crenshaw | ShowMeCon 2016 |
| The NSA Playset: Bluetooth Smart Attack Tools | DEFCON |

To-Do

  • 2020.10 BleedingTooth CVE-2020-12351 CVE-2020-12352 CVE-2020-24490
  • 2020.04 BIAS CVE-2020-10135
  • 2020.03 Bluewave CVE-2020-3848 CVE-2020-3849 CVE-2020-3850
  • 2020.03 BLURtooth CVE-2020-15802
  • 2020.03 BLESA CVE-2020-9770
  • 2020.03 KNOB CVE-2019-9506

Code of Conduct

Disclaimer | Code of Conduct

Citation

Use this BibTeX entry to cite this repository (the citation key must not contain spaces, so it is written as one word):

@misc{BLESecurity,
  title={Bluetooth LE-Security: Method, Tools and Stack},
  author={Charmve},
  year={2020.09},
  publisher={Github},
  journal={GitHub repository},
  howpublished={\url{https://github.com/Charmve/BLE-Security-Attack-Defence}},
}

*Updated on 2021/08/05 @ Charmve