YoVDO

SweynTooth - Unleashing Mayhem over Bluetooth Low Energy

Offered By: USENIX via YouTube

Tags

USENIX Annual Technical Conference Courses IoT security Courses Vulnerability Testing Courses Fuzzing Courses Bluetooth Low Energy Courses

Course Description

Overview

Explore the vulnerabilities in Bluetooth Low Energy (BLE) protocol implementations through this 25-minute conference talk from USENIX ATC '20. Dive into the SweynTooth framework, a systematic and comprehensive testing approach developed to fuzz BLE protocol implementations effectively. Learn about the state machine model incorporated in the framework, the fuzzing process, and how it exposes anomalies in BLE devices. Discover the impact of this research, which led to the discovery of 11 new vulnerabilities and 13 new CVE IDs across 12 devices from eight vendors and four IoT products. Gain insights into BLE security testing, fuzzing techniques, and the importance of protocol compliance in IoT devices.

Syllabus

Sweyn Tooth: Unleashing Mayhem over Bluetooth Low Energy
Why the Mayhem?
A look into Bluetooth flavours - Past Vulnerabilities
Bluetooth Low Energy Overview Can we test BLE security ourselves with off the shelve hardware?
Testing Security by Fuzzing Is it possible to apply fuzzing to lower-level over the air communication?
Introducing a non-compliant controller implementation! Setup
Fuzzer Arquitecture Overview Peripheral Smart Home
Fuzzing BLE Layers - Fields mutation
Fuzzing BLE Layers - Out of order sequences
Validation Strategy - Exemplified
Optimization
Evaluation - Setup
Evaluation - Comparison
Impact - Non-compliance in the wild!
Conclusion
Thank you Questions?


Taught by

USENIX

Related Courses

Web Hacker's Toolbox - Tools Used by Successful Hackers
Packt via Coursera
Security for Hackers and Developers: Fuzzing
Pluralsight
Advanced White Hat Hacking & Penetration Testing Tutorial
Udemy
Practical Buffer Overflows for OSCP
Udemy
Intro to Fuzzing for Fun and Profit
YouTube