SweynTooth - Unleashing Mayhem over Bluetooth Low Energy

Explore the vulnerabilities in Bluetooth Low Energy (BLE) protocol implementations through this 25-minute conference talk from USENIX ATC '20. Dive into the SweynTooth framework, a systematic and comprehensive testing approach developed to fuzz BLE protocol implementations effectively. Learn about the state machine model incorporated in the framework, the fuzzing process, and how it exposes anomalies in BLE devices. Discover the impact of this research, which led to the discovery of 11 new vulnerabilities and 13 new CVE IDs across 12 devices from eight vendors and four IoT products. Gain insights into BLE security testing, fuzzing techniques, and the importance of protocol compliance in IoT devices.

Sweyn Tooth: Unleashing Mayhem over Bluetooth Low Energy
Why the Mayhem?
A look into Bluetooth flavours - Past Vulnerabilities
Bluetooth Low Energy Overview Can we test BLE security ourselves with off the shelve hardware?
Testing Security by Fuzzing Is it possible to apply fuzzing to lower-level over the air communication?
Introducing a non-compliant controller implementation! Setup
Fuzzer Arquitecture Overview Peripheral Smart Home
Fuzzing BLE Layers - Fields mutation
Fuzzing BLE Layers - Out of order sequences
Validation Strategy - Exemplified
Optimization
Evaluation - Setup
Evaluation - Comparison
Impact - Non-compliance in the wild!
Conclusion
Thank you Questions?