BruCON 0x0B has ended
Friday, October 11 • 11:00 - 12:00
Defeating Bluetooth Low Energy 5 PRNG for fun and jamming

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Bluetooth Low energy version 5 has been published in late 2016, but we still have
no sniffer supporting this specific version (and not that much compatible devices
as well). The problem is this new version introduces a new channel hopping algorithm
that renders previous sniffing tools useless as devices can no longer be attacked
and connections analyzed. This new algorithm is based on a brand new pseudo-random
number generator (PRNG) to provide better collision avoidance while kicking out
all of our good old sniffing tools.

Unless some random hacker manages to break this not-that-strong PRNG and upgrades
his BLE sniffing tool to support this algorithm ;). In this talk, we will explain
why this PRNG is vulnerable and how it can be easily defeated to sniff and jam
communications between two BLE 5 devices. A new version of BtleJack will be
released during this talk, providing an efficient way to sniff BLE 5 connections
to our fellow IoT hacker family.

avatar for Damien Cauquil

Damien Cauquil

Damien is a senior security researcher who joined Digital Security in 2015 asthe head of research and development. He discovered how wireless protocols canbe fun to hack and quickly developed BtleJuice, one of the first Bluetooth LowEnergy MitM framework, and BtleJack, a BLE swiss-army... Read More →

Friday October 11, 2019 11:00 - 12:00 CEST
01. Westvleteren University