Dissecting Broadcom Bluetooth

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses, Firmware Analysis Courses, Bluetooth Security Courses

Course Description

Overview

Explore the intricacies of Broadcom Bluetooth firmware in this 43-minute conference talk from the 35th Chaos Communication Congress (35C3). Dive into the InternalBlue framework, which enables experimentation with Broadcom-based Bluetooth chips, focusing on popular devices like Nexus 5, Nexus 6P, Raspberry Pi 3, and Raspberry Pi 3+. Learn about local firmware modification techniques and discover how to monitor and inject data into lower layers of the Bluetooth protocol stack. Examine security implications, including altered pairing behavior and an implementation of the ECDH key exchange attack. Uncover a new vulnerability (CVE-2018-19860) affecting various popular devices, which allows for Bluetooth stack crashes and limited function execution using only the target's Bluetooth MAC address. Gain insights into the silent patching of this vulnerability in newer firmware versions and its impact on a wide range of devices, from smartphones to laptops.

Syllabus

35C3 - Dissecting Broadcom Bluetooth


Taught by

media.ccc.de

Related Courses

Stealthily Access Your Android Phones - Bypass the Bluetooth Authentication
Black Hat via YouTube
For the Love of Money - Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
44CON Information Security Conference via YouTube
IoT and the Security of That Mobile App - Mark Loveless
LASCON via YouTube
Fuzzing the Phone in the iPhone
media.ccc.de via YouTube
BrokenMesh - New Attack Surfaces of Bluetooth Mesh
Black Hat via YouTube