Главная
Study mode:
on
1
Sweyn Tooth: Unleashing Mayhem over Bluetooth Low Energy
2
Why the Mayhem?
3
A look into Bluetooth flavours - Past Vulnerabilities
4
Bluetooth Low Energy Overview Can we test BLE security ourselves with off the shelve hardware?
5
Testing Security by Fuzzing Is it possible to apply fuzzing to lower-level over the air communication?
6
Introducing a non-compliant controller implementation! Setup
7
Fuzzer Arquitecture Overview Peripheral Smart Home
8
Fuzzing BLE Layers - Fields mutation
9
Fuzzing BLE Layers - Out of order sequences
10
Validation Strategy - Exemplified
11
Optimization
12
Evaluation - Setup
13
Evaluation - Comparison
14
Impact - Non-compliance in the wild!
15
Conclusion
16
Thank you Questions?
Description:
Explore the vulnerabilities in Bluetooth Low Energy (BLE) protocol implementations through this 25-minute conference talk from USENIX ATC '20. Dive into the SweynTooth framework, a systematic and comprehensive testing approach developed to fuzz BLE protocol implementations effectively. Learn about the state machine model incorporated in the framework, the fuzzing process, and how it exposes anomalies in BLE devices. Discover the impact of this research, which led to the discovery of 11 new vulnerabilities and 13 new CVE IDs across 12 devices from eight vendors and four IoT products. Gain insights into BLE security testing, fuzzing techniques, and the importance of protocol compliance in IoT devices.

SweynTooth - Unleashing Mayhem over Bluetooth Low Energy

USENIX
Add to list
#Conference Talks #USENIX Annual Technical Conference #Information Security (InfoSec) #Cybersecurity #IoT security #Vulnerability Testing #Programming #Software Development #Software Testing #Fuzzing #Computer Science #Computer Networking #Bluetooth #Bluetooth Low Energy
1 of 16

Sweyn Tooth: Unleashing Mayhem over Bluetooth Low Energy