Bluetooth Security Timeline — By @XenoKovah of @DarkMentorLLC

This TiddlyWiki contains the following tiddlers:

"Niño" Man-In-The-Middle Attack on Bluetooth Secure Simple Pairing
$:/config/RelinkOnRename
$:/core
$:/DefaultTiddlers
$:/isEncrypted
$:/SiteSubtitle
$:/SiteTitle
$:/state/advancedsearch/currentTab
$:/state/tab--1498284803
$:/state/tab/sidebar--595412856
$:/status/RequireReloadDueToPluginChange
$:/StoryList
$:/themes/tiddlywiki/snowwhite
$:/themes/tiddlywiki/vanilla
A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link
A Bluetooth GoodFET for the N900
A Low Energy Profile: Analysing Characteristic Security on BLE Peripherals
A Practical Approach to Attacking IoT Embedded Designs (II)
A PSD-based fingerprinting approach to detect IoT device spoofing
A Remote Attack on the Bosch Drivelog Connector Dongle
A Story About Three Bluetooth Vulnerabilities in Android
A Study of the Feasibility of Co-located App Attacks against BLE and a Large-Scale Analysis of the Current Application-Layer Security Landscape
A Tale of Reversing the Android-based Snow2 HUD
Access Your Tesla without Your Awareness: Compromising Keyless Entry System of Model 3
All your Bluetooth is belong to us
An experimental study: RF Fingerprinting of Bluetooth devices
An overview of bluetooth device discovery and fingerprinting techniques – assessing the local context
Analog Physical-Layer Relay Attacks with Application to Bluetooth and Phase-Based Ranging
Analysis: AndroidAppRE
Android Bluetooth Vulnerabilities in the March 2018 Security Bulletin
Attacks on the Pairing Protocol of Bluetooth v2.1
AttackSurface: ADV_EXT_IND
AttackSurface: ADV_IND
AttackSurface: Apple Fast Connect
AttackSurface: Application
AttackSurface: ATT
AttackSurface: Basic Imaging Profile (BIP)
AttackSurface: Battery Drain
AttackSurface: BIAS
AttackSurface: BLE Audio
AttackSurface: BLE LL
AttackSurface: BNEP
AttackSurface: Brute Force
AttackSurface: BT Mesh
AttackSurface: Co-located Apps on Paired Device
AttackSurface: Command Injection
AttackSurface: CONNECT_IND
AttackSurface: Cryptography
AttackSurface: Custom Cryptography
AttackSurface: Design
AttackSurface: Downgrade Attacks
AttackSurface: Extended Inquiry Response
AttackSurface: Fault Injection
AttackSurface: Firmware Update Parsing
AttackSurface: GATT
AttackSurface: Hardcoded Cryptographic Key
AttackSurface: HCI
AttackSurface: HID over BT
AttackSurface: Impersonation
AttackSurface: Information Disclosure
AttackSurface: Insecure Firmware Update
AttackSurface: JTAG
AttackSurface: Key Agreement Protocols
AttackSurface: Keystroke/Mouse Injection over BT
AttackSurface: KNOB
AttackSurface: L2CAP
AttackSurface: Logic Bugs
AttackSurface: MitM
AttackSurface: No Authentication
AttackSurface: OBEX
AttackSurface: Pairing
AttackSurface: PAN Profile
AttackSurface: Phone Book Access Profile (PBAP)
AttackSurface: PHY
AttackSurface: Plaintext Communications
AttackSurface: PRNG
AttackSurface: Relay Attack
AttackSurface: Replay Attack
AttackSurface: RF Physical Signal Analysis
AttackSurface: RFCOMM
AttackSurface: SCAN_RES
AttackSurface: SDP
AttackSurface: Serial
AttackSurface: Shared Memory
AttackSurface: SMP
AttackSurface: Social Engineering
AttackSurface: Spoofing
AttackSurface: State Confusion
AttackSurface: Timing
AttackSurface: Tracking
AttackSurface: USB Physical Access
Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps
Backdooring the Front Door
BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals
BIAS: Bluetooth Impersonation AttackS
Blacktooth: Breaking through the Defense of Bluetooth in Silence
BladeRF 2023.02 Release – 122.88MHz instantaneous bandwidth
BLE injection-free attack: a novel attack on bluetooth low energy devices
BLE Proximity Authentication Vulnerable to Relay Attacks
BLE-Replay
BLEEDINGBIT: The Hidden Attack Surface Within BLE Chips
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
BLEMystique
BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy
BLESuite
Blind My - An Improved Cryptographic Protocol to Prevent Stalking in Apple’s Find My Network
Blooover
Blooover II
Blucat: Netcat For Bluetooth
Blue Picking: Hacking Bluetooth Smart Locks
Blue’s Clues: Practical Discovery of Non-Discoverable Bluetooth Devices
Blue2thprinting (blue-[tooth)-printing]: answering the question of 'WTF am I even looking at?!'
BlueBorne
BlueBump
BlueChop
BlueDump
Bluefog
BlueID: A Practical System for Bluetooth Device Identification
bluejackq.com (bluejacking)
BlueMaster: Bypassing and Fixing Bluetooth-based Proximity Authentication
BlueMirror: Reflections on Bluetooth Pairing and Provisioning Protocols
Blueprinting - Remote Device Identification based on Bluetooth Fingerprinting Techniques
BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy Networks
BlueSmack
BlueSnarf++
Bluesnarfing - The Risk From Digital Pickpockets
Bluesnarfing @ CeBIT 2004
Bluesniff - The Next Wardriving Frontier
BlueSniff: Eve meets Alice and Bluetooth
BlueSpy – Spying on Bluetooth conversations
BlueSteal: Popping GATT Safes
bluestumbler.org ("SNARF" and "BACKDOOR" attacks)
Bluetooone
Bluetooth Attacks: From theory to practice (BlueTrust)
Bluetooth Blues: Unmasking CVE 2023-52709 The TI BLE5-Stack Attack
Bluetooth Defense Kit
Bluetooth Device Identification Using RF Fingerprinting and Jensen-Shannon Divergence
Bluetooth devices fingerprinting using low cost SDR
Bluetooth Hacking
Bluetooth Hacking - The State of The Art
Bluetooth Hacking: Tools And Techniques
Bluetooth HCI HID Controller abuse RCE exploit
Bluetooth Keyboards: who owns your keystrokes?
Bluetooth Low Energy Device Identification Based on Link Layer Broadcast Packet Fingerprinting
Bluetooth Low Energy GATT Fuzzing
Bluetooth Packet Sniffing Using Project Ubertooth
Bluetooth Security Timeline
Bluetooth Vulnerabilities Fact and Fiction
Bluetooth, Smells Like Chicken
Bluetooth: Red Fang, Blue Fang.
Bluetooth: With Low Energy Comes Low Security
bluez: malicious USB devices can steal Bluetooth link keys over HCI using fake BD_ADDR, plus bluetoothd double-free
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses
BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy
BLUUID: Firewallas, Diabetics, And… Bluetooth
BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing
Breaking Access Controls with BLEKey
Breaking Bluetooth by Being Bored
Breaking Fitness Records without Moving: Reverse Engineering and Spoofing Fitbit
Breaking Secure Boot on the Silicon Labs Gecko platform
Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks
Breaking the Bluetooth Pairing – Fixed Coordinate Invalid Curve Attack
Breaking the Internet of Vibrating Things
BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem
BrokenMesh: New Attack Surfaces of Bluetooth Mesh
BSAM - Bluetooth Security Assessment Methodology
BT Audit
BtleJuice: the Bluetooth Smart Man In The Middle Framework
Building a Better Bluetooth Attack Framework
Building a Modern Bluetooth Sniffer for SDRs
Busting The Bluetooth® Myth – Getting RAW Access
Cabir worm spreads via Bluetooth
Car Whisperer
Change Your BLE Passkey Like You Change Your Underwear
ChargePoint Home security research
Clashing EV Chargers in The Pentesting Arena
Commercial Vehicle Electronic Logging Device Security: Unmasking the Risk of Truck-to-Truck Cyber Worms
Conference: ACM ASIACCS
Conference: ACM CCS
Conference: ACM CODASPY
Conference: ACM IMWUT
Conference: Australian Digital Forensics Conference
Conference: Automotive Security Research Group
Conference: BlackHat ASIA
Conference: BlackHat EU
Conference: BlackHat USA
Conference: BruCON
Conference: BSides Boston
Conference: BSides Munich
Conference: CanSecWest
Conference: Chaos Communication Congress
Conference: Code Blue
Conference: COSADE
Conference: CRYPTO
Conference: DeepSec
Conference: DEF CON
Conference: Digital Verteiltes Online-Chaos (DiVOC)
Conference: Ekoparty
Conference: Fog and Mobile Edge Computing (FMEC)
Conference: Formal Methods in System Design
Conference: Hack.lu
Conference: Hacktivity
Conference: Hardwear.io NL
Conference: Hardwear.io USA
Conference: HITB AMS
Conference: HITB HKT
Conference: IARIA ICIMP
Conference: IEEE DSN
Conference: IEEE ICI
Conference: IEEE InfoCom
Conference: IEEE ISSRE
Conference: IEEE MedComNet
Conference: IEEE Pervasive Computing
Conference: IEEE PRDC
Conference: IEEE SSP
Conference: IEEE TrustCom
Conference: IoT S&P
Conference: Journal of Ambient Intelligence and Humanized Computing
Conference: Journal of Sensor and Actuator Networks
Conference: Lecture Notes in Computer Science
Conference: MobiQuitous
Conference: MobiSys
Conference: Modern Machine Learning Technologies
Conference: N/A
Conference: NASA Formal Methods
Conference: NDSS
Conference: NordSec
Conference: Nuit Du Hack
Conference: Objective by the Sea
Conference: Personal and Ubiquitous Computing
Conference: PoC || GTFO
Conference: PoPETS
Conference: RAID
Conference: REcon
Conference: RootedCon Madrid
Conference: RSA
Conference: RuxCon
Conference: Sensors
Conference: ShmooCon
Conference: SSTIC
Conference: Summercon
Conference: Symposium on Vehicles Security and Privacy (VehicleSec)
Conference: TCHES
Conference: THOTCON
Conference: ToorCon
Conference: Troopers
Conference: USENIX ATC
Conference: USENIX NSDI
Conference: USENIX Security
Conference: VirusBulletin
Conference: WiCon
Conference: WiSec
Conference: WOOT
Cracking the Bluetooth PIN
Crafted WiFI network name (SSID) leads to arbitrary command injection
CVE-2019-8853
CVE-2020-12351
CVE-2020-12352
CVE-2020-24490
CVE-2020-3847
CVE-2020-3848
CVE-2020-3849
CVE-2020-3850
CyRC Vulnerability Advisory: Denial-of-service vulnerabilities in Zephyr Bluetooth LE stack
Deep into Android Bluetooth Bug Hunting: New Attack Surfaces and Weak Code Patterns
Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming
Detecting Bluetooth Surveillance Systems
Detecting smartphone state changes through a Bluetooth based timing attack
Detecting Unwanted Location Trackers
Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols
Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi
Dissecting the Teddy Ruxpin Reverse Engineering the Smart Bear
Do a firmware update for your AirPods – now
Don’t Give Me a Brake – Xiaomi Scooter Hack Enables Dangerous Accelerations and Stops for Unsuspecting Riders
Doping your Fitbit
Draft of 'BLE-Replay'
Draft of 'Hell2CAP 0day'
E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem
Enhancements to Bluetooth Baseband Security
Env: Android
Env: Apple
Env: Apple userspace
Env: Apple wireless accessory firmware
Env: BlueZ
Env: Broadcom Firmware
Env: Cambridge Silicon Radio (CSR) Firmware
Env: Cypress Firmware
Env: Espressif firmware
Env: Fitbit Firmware
Env: FreeRTOS
Env: Fuchsia
Env: Industry-wide
Env: iOS userspace
Env: Linux Kernel
Env: Linux kernelspace
Env: Linux userspace
Env: macOS kernelspace
Env: macOS userspace
Env: Microsoft
Env: Nordic Firmware
Env: NXP Firmware
Env: Silicon Labs Firmware
Env: Tesla Cars (Linux + Custom FW)
Env: Texas Instruments Firmware
Env: Windows kernelspace
Env: Windows userspace
Env: Wyze Cam V4 firmware
Env: Xiaomi Firmware
Env: Zephyr RTOS
ESPwn32: Hacking with ESP32 System-on-Chips
Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices
Even Black Cats Cannot Stay Hidden in the Dark: Full-band De-anonymization of Bluetooth Classic Devices
Every Byte Matters: Traffic Analysis of Bluetooth Wearable Devices
Evil Never Sleeps: When Wireless Malware Stays On after Turning Off iPhones
Examining the August Smart Lock
Exploit Millions of Pebble Smartwatches for Fun and Profit
Exploiting Bluetooth - from your car to the bank account$$
Exploiting IoT enabled BLE smart bulb security
Extracting the painful (blue)tooth
Extrapolating Formal Analysis to Uncover Attacks in Bluetooth Passkey Entry Pairing
Finding Eastereggs in Broadcom's Bluetooth Random Number Generator
Finding New Bluetooth Low Energy Exploits via Reverse Engineering Multiple Vendors' Firmwares
Finding Traceability Attacks in the Bluetooth Low Energy Specification and Its Implementations
Fingerprinting and analysis of Bluetooth devices with automata learning
Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile
FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
First PocketPC / WindowsCE virus found - Duts/Dust
Fixing the Volume on my Bluetooth Earbuds
For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems
Formal Analysis and Patching of BLE-SC Pairing
Frankenstein
From Conception to Retirement: a Lifetime Story of a 3-Year-Old Wireless Beacon System in the Wild
From Pwn2Own Automotive: Taking Over the Autel Maxicharger
GATTacking Bluetooth Smart Devices
Hacking and Exploit Development for Bluetooth Low Energy (BLE)
Hacking Bluetooth enabled mobile phones and beyond
Hacking Bluetooth Low Energy Based Applications
Hacking Bluetooth Low Energy: I Am Jack's Heart Monitor
Hacking Bluetooth Smart locks workshop
Hacking Electric Skateboards: Vehicle Research For Mortals
Hacking the Bluetooth communication of a doorbell
Hacking the Nokē Padlock
Handoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol
Handoff All Your Privacy (Again)
Happy MitM – Fun and Toys in Every Bluetooth Device
Hardware implementation of Bluetooth security
Hell2CAP 0day
Hi, My Name is Keyboard
HID Attack (attacking HID host implementations)
How Privacy Leaks from Bluetooth Mouse?
How Smart Is Bluetooth Smart?
How to pick a BLE smart lock and cause "cancer" using just a mobile phone
How to Wear Your Password
Identifying the BLE Misconfigurations of IoT Devices through Companion Mobile Apps
InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections
Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices
Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android
Intel BIOS Advisory – Memory Corruption in HID Drivers
Intelligent Bluetooth fuzzing - Why bother?
InternalBlue a Bluetooth Experimentation Framework Based on Mobile Device Reverse Engineering
Introducing the Adafruit Bluefruit LE Sniffer
Introduction to Bluetooth RFCOMM Reverse Engineering
It Was Harder to Sniff Bluetooth Through My Mask During the Pandemic...
Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy
Keys? Where we’re going, we don’t need keys
L2CAP: Possible Stack based buffer overflow in le_ecred_reconf_req()
L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing
Learning Bluetooth Hackery with BLE CTF
LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks
Linux Kernel: Infoleak in Bluetooth L2CAP Handling
Linux Kernel: UAF in Bluetooth L2CAP Handshake
Location Tracking of WIFI Access Point and Bluetooth Devices
Lock Picking in the Era of Internet of Things
Lockpicking in the IoT
Lost and Found: Stopping Bluetooth Finders from Leaking Private Information
Low Energy to High Energy: Hacking Nearby EV-Chargers Over Bluetooth
MagicPairing: Apple’s Take on Securing Bluetooth Peripherals
Making Smart Locks Smarter (AKA. HACKING THE AUGUST SMART LOCK)
Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5.0 and its countermeasure
MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE
Mass-pwning with a small IoT spy bug
Men-in-the-Middle Attack Simulation on Low Energy Wireless Devices using Software Define Radio
Method Confusion Attack on Bluetooth Pairing
Mirage: towards a Metasploit-like framework for IoT
Mirage: un framework offensif pour l'audit du Bluetooth Low Energy
Modifying a Bluetooth dongle for an external antenna
Month: 01
Month: 02
Month: 03
Month: 04
Month: 05
Month: 06
Month: 07
Month: 08
Month: 09
Month: 10
Month: 11
Month: 12
Month: April
Month: August
Month: December
Month: February
Month: January
Month: July
Month: June
Month: March
Month: May
Month: November
Month: October
Month: September
Moving from Hacking IoT Gadgets to Breaking into One of Europe's Highest Hotel Suites
My smart lock vendor disappeared and shut the servers. Long live my smart lock!
Nearby Threats: Reversing, Analyzing, and Attacking Google’s ‘Nearby Connections’ on Android
New Security Model of Bluetooth 2.1
NIST Special Publication 800-121 Rev. 2: Guide to Bluetooth Security
No need to ask the Android: Bluetooth-Low-Energy scanning without the location permission
No PoC? No Fix! - A sad Story about Bluetooth Security
nRF52 Debug Resurrection (APPROTECT Bypass)
OASIS: An Intrusion Detection System Embedded in Bluetooth Low Energy Controllers
On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats
On the susceptibility of Texas Instruments SimpleLink platform microcontrollers to non-invasive physical attacks
One for all and all for WHAD: wireless shenanigans made easy!
One GPU to Snoop Them All: a Full-Band Bluetooth Low Energy Sniffer
OOB-Write in Android ATT
Open Wounds: The last 5 years have left Bluetooth to bleed
OpenHaystack: a framework for tracking personal Bluetooth devices via Apple's massive Find My network
Org: @stake
Org: 29A
Org: 360 Alpha Lab
Org: A*Star
Org: Adafruit
Org: Airbus
Org: AL Digital Ltd.
Org: Aladdin
Org: Alibaba Group
Org: ANSSI
Org: Apple
Org: AppSec Labs
Org: Argus
Org: Armis
Org: Attify
Org: Australian National University, Canberra
Org: AV-TEST
Org: Baidu
Org: Bar-Ilan University
Org: Bell Labs
Org: BITS Pilani, Goa Campus
Org: BlueZ
Org: Booz Allen Hamilton
Org: Borys Grinchenko Kyiv University
Org: Boston University
Org: CERT UBIK
Org: Chinese Academy of Sciences
Org: Chinese University of Hong Kong
Org: CISPA
Org: City University of Hong Kong
Org: CMAND
Org: CNIL
Org: CNIT
Org: Codenomicon Ltd.
Org: Colorado State University
Org: Computest Sector 7
Org: Context Information Security
Org: Cymotive
Org: Dark Mentor LLC
Org: Dataparty
Org: DBAPP Security
Org: Didi Research America
Org: eBay
Org: Econocom Digital Security
Org: Edith Cowan University
Org: EPFL
Org: Ericsson
Org: ERNW
Org: ETAS
Org: EURECOM
Org: Faraday Future
Org: FDA
Org: FH Aargau
Org: Fordham University
Org: Fortiss
Org: Fudan University
Org: George Washington University
Org: Google
Org: GrapheneOS
Org: Graz University of Technology
Org: Great Scott Gadgets
Org: GreyNoise Intelligence
Org: Hashemite University
Org: Hewlett Packard Labs
Org: HiddenLayer
Org: ICE9 Consulting
Org: Imperial College London
Org: Indiana University, Bloomington
Org: Institute of Electronics and Computer Science
Org: Instituto Politécnico Nacional
Org: Intel
Org: Intrepidus Group
Org: IOActive
Org: iSEC Partners
Org: Israel Institute of Technology
Org: Jinan University
Org: Kaspersky
Org: Korea University
Org: KU Leuven
Org: Labsis UTNFRC
Org: Latu Seguros
Org: LAYAKK
Org: Leveldown Security
Org: Matasano Security
Org: MatesLab Hackerspace
Org: Max Planck Institute for Security and Privacy
Org: Merculite Security
Org: Michigan State University
Org: Microsoft
Org: MITRE
Org: Montana State University
Org: Morphus Labs
Org: N.runs
Org: Naval Postgraduate School
Org: NCC Group
Org: New York Institute of Technology
Org: NIST
Org: Nokia
Org: None
Org: Northeastern University
Org: NSIDE
Org: Ohio State University
Org: OPPO Amber Security Lab
Org: Opposing Force
Org: Optiv
Org: Oregon State University
Org: PCAutomotive
Org: Peking University
Org: Pen Test Partners
Org: Pentest Limited
Org: Pentester Academy
Org: PHYSEC GmbH
Org: Politecnico di Torino
Org: Positive Technologies
Org: Purdue University
Org: Pwnie Express
Org: Qualcomm
Org: Quarkslab
Org: remote-exploit.org
Org: Royal Holloway University of London
Org: Rutgers University
Org: Salzburg Research Forschungsgesellschaft m.b.H
Org: Samsung
Org: securenetwork.it
Org: SecuRing
Org: Security Compass
Org: Shandong University
Org: Shanghai Fudan Microelectronics Group Co., Ltd.
Org: Shanghai Jiao Tong University
Org: Simon Fraser University
Org: Singapore University of Technology and Design
Org: smartlockpicking.com
Org: Southeast University
Org: Southeast University, Nanjing
Org: Stanford University
Org: State Grid Jiangsu Electric Power Company Ltd., Nanjing
Org: Stripe
Org: Swiss Cyber-Defence Campus
Org: Synactive
Org: Synopsys
Org: Sysdream
Org: Tarlogic
Org: Technical University of Munich
Org: Technische Hochschule Köln
Org: Technische Universität Darmstadt
Org: Tel Aviv University
Org: Tencent Keen Security Lab
Org: The Bunker Secure Hosting Ltd.
Org: The Shmoo Group
Org: Tianjin University
Org: toothR new media GmbH
Org: Towson University
Org: trifinite.org
Org: TwoSix Labs
Org: U.S. Department of Commerce
Org: U.S. Naval Academy
Org: UMass Lowell
Org: Universidad Politécnica de Madrid
Org: Universidad Tecnológica de San Juan del Río
Org: Universidade Federal da Paraíba
Org: University at Buffalo
Org: University College London
Org: University of Brescia
Org: University of California, Irvine
Org: University of California, San Diego
Org: University of Central Florida
Org: University of Edinburgh
Org: University of Florida
Org: University of Granada
Org: University of Illinois, Urbana-Champaign
Org: University of Kansas
Org: University of Kent
Org: University of Kuopio
Org: University of Lille
Org: University of Lyon
Org: University of Massachusetts, Boston
Org: University of Michigan
Org: University of Minnesota
Org: University of Oxford
Org: University of Padua
Org: University of Patras
Org: University of Science and Technology of China
Org: University of Toulouse
Org: University of Twente
Org: University of Wollongong
Org: VicOne
Org: Virginia Tech
Org: Wuhan University
Org: Xiaomi
Org: Ziften Technologies
Org: Zimperium
Outsmarting Bluetooth Smart
Over the Air-Tag: shenanigans with the most over-engineered keyfinder
Passive Bluetooth Monitoring in Scapy
PeriScope: Comprehensive Vulnerability Analysis Of Mobile App-defined Bluetooth Peripherals
Picking Bluetooth Low Energy Locks from a Quarter Mile Away
Playing Around With The Fuchsia Operating System
Please Make a Dentist Appointment ASAP: Attacking IOBluetoothFamily HCI and Vendor-specific Commands
Please Pay Inside: Evaluating Bluetooth-based Detection of Gas Pump Skimmers
Please Unstalk Me: Understanding Stalking with Bluetooth Trackers and Democratizing Anti-Stalking Protection
Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT
Privacy Analysis of Samsung’s Crowd-Sourced Bluetooth Location Tracking System
Profile: BT Mesh
Project TEMPA - Demystifying Tesla's Bluetooth Passive Entry system
Project Ubertooth: Building a Better Bluetooth Adapter
Protecting Privacy of BLE Device Users
Protocol: BLE
Protocol: BT Classic
Protocol: BT Mesh
Protocol: CAN
RattaGATTa: Scalable Bluetooth Low-Energy Survey
Realtime Bluetooth Device Detection with Blue Hydra
Recurring Verification of Interaction Authenticity Within Bluetooth Networks
Redfang - The Bluetooth Hunter
Remotely Hacking a car through an OBD-II Bluetooth Dongle
Reverse engineering and hacking Ecovacs robots
Reverse Engineering Apple’s BLE Continuity Protocol for Tracking, OS Fingerprinting, and Behavioral Profiling
Reverse Engineering BLE from Android apps with Frida
Reverse Engineering Husqvarna Automower BLE Commands
Reversing Treadmill blog series
Saving Private Addresses: An Analysis of Privacy Issues in the Bluetooth-Low-Energy Advertising Mechanism
Screwdriving. Locating and exploiting smart adult toys
Security Evaluation of Nine Fitness Trackers
Security Vulnerabilities in Bluetooth Technology as Used in IoT
Security Weaknesses in Bluetooth
Sniffing BTLE with the Micro:Bit
Sniffle: A Sniffer for Bluetooth 5
Snoop on to them as they snoop on to us
Spectra: Breaking Separation Between Wireless Chips
Stateful Black-Box Fuzzing of Bluetooth Devices Using Automata Learning
Stealthily Access Your Android Phones: Bypass the Bluetooth Authentication
SweynTooth: Unleashing Mayhem over Bluetooth Low Energy
Take Down MacOS Bluetooth with Zero-click RCE
Taming the Blue Beast: A Survey of Bluetooth Based Threats
Tandem Diabetes Care, Inc. Recalls Version 2.7 of the Apple iOS t:connect Mobile App Used in Conjunction with t:slim X2 Insulin Pump with Control-IQ Technology Prompted by a Software Problem Leading to Pump Battery Depletion
Tech: Antennas
Tech: CodeQL
Tech: Emulation
Tech: Fingerprinting
Tech: Fuzzing
Tech: Jamming
Tech: ODB-II
Tech: SDR
Tech: Sniffing
Tech: VariantAnalysis
Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
Tesla BluetoothLE API (Unofficial)
Tesla Radar
Testing for weak key management in Bluetooth Low Energy implementations
The Basics Of Breaking BLE v3
The BlueBag: A Mobile, Covert Bluetooth Attack and Infection Device
The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol
The Bluetooth Device Database
The Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption
The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR
The NSA Playset: Bluetooth Smart Attack Tools
The tragedy of Bluetooth Low Energy
ToolUsed: Adafruit Nordic Sniffer
ToolUsed: adb
ToolUsed: AFL++
ToolUsed: Android HCI log
ToolUsed: ATT Profiler
toolused: augustpy
ToolUsed: BGXCommander
ToolUsed: BIAS PoC
ToolUsed: BleakClient
ToolUsed: Bleno
ToolUsed: Blue2thprinting
ToolUsed: bluepy
ToolUsed: BlueSpy
ToolUsed: BlueToolkit
ToolUsed: Bluetoothctl
ToolUsed: BlueTrust
ToolUsed: Braktooth
ToolUsed: Btlejack
ToolUsed: btmgmt
Toolused: btmon
ToolUsed: Burp Suite
ToolUsed: certmitm
ToolUsed: CrackLE
ToolUsed: Defensics fuzzer
ToolUsed: ESP-WROVER-KIT
ToolUsed: Ettus Research USRP B210
ToolUsed: Frida
ToolUsed: GATTacker
ToolUsed: gatttool
ToolUsed: Ghidra
ToolUsed: hcidump
ToolUsed: hcitool
ToolUsed: IDA Pro
ToolUsed: InternalBlue
ToolUsed: J-Link
ToolUsed: jadx
ToolUsed: Kismet
ToolUsed: KNOB PoC
ToolUsed: Mirage
ToolUsed: mitmproxy (HTTPS mitm)
ToolUsed: Nexus 5 phone
ToolUsed: Noble
ToolUsed: Nordic nRF52840 Dongle
ToolUsed: nRF52840-Dongle
ToolUsed: openOCD
ToolUsed: OpenOCD
ToolUsed: pactl
ToolUsed: paplay
ToolUsed: parecord
ToolUsed: PyBlueZ
ToolUsed: PyBT
ToolUsed: Pyshark
ToolUsed: RattaGATTa
ToolUsed: Scapy
ToolUsed: sdptool
ToolUsed: SniffLE
ToolUsed: Sweyntooth
ToolUsed: Ubertooth
ToolUsed: Unicorn
ToolUsed: WHAD
ToolUsed: Wireshark
ToolUsed: Xianjun Jiao BTLE SDR sniffer
ToolUsed: XIAO ESP32-S3
ToolUsed: Zephyr RTOS
ToothPicker: Apple Picking in the iOS Bluetooth Stack
Track You: A Deep Dive into Safety Alerts for Apple AirTags
Tracking Anonymized Bluetooth Devices
Tracking Prey in the Cyberforest
Tricking Android Smart Lock with Bluetooth
Turning my phone into a skimming device: MPos Solutions
Two bluetooth vulnerabilities in Windows
Type: Attack
Type: Defense
Type: Malware In The Wild
Type: Overview
Type: Privacy
Type: Reverse Engineering
Type: Tool
Uncovering Vulnerabilities of Bluetooth Low Energy IoT from Companion Mobile Apps with Ble-Guuide
Uncovering your Trails - Privacy Issues of Bluetooth Devices
Unlocking the Drive: Exploiting Tesla Model 3
Use-after-free in Android BLE audio
War Nibbling: Bluetooth Insecurity
WatchWitch
Weaponizing the BBC Micro Bit
When Good Becomes Evil: Tracking Bluetooth Low Energy Devices via Allowlist-based Side Channel and Its Countermeasure
Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System
WIDCOMM Bluetooth Connectivity Software Buffer Overflows
Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE)
WiSec DEMO: Attaching InternalBlue to the Proprietary macOS IOBluetooth Framework
WiSec DEMO: BTLEmap: Nmap for Bluetooth Low Energy
WiSec DEMO: Extracting Physical-Layer BLE Advertisement Information from Broadcom and Cypress Chips
WiSec DEMO: Himiko: A Human Interface for Monitoring and Inferring Knowledge on Bluetooth-Low-Energy Objects
WiSec DEMO: Venom: a Visual and Experimental Bluetooth Low Energy Tracking System
Year: 2001
Year: 2003
Year: 2004
Year: 2005
Year: 2006
Year: 2007
Year: 2008
Year: 2009
Year: 2010
Year: 2011
Year: 2012
Year: 2013
Year: 2014
Year: 2015
Year: 2016
Year: 2017
Year: 2018
Year: 2019
Year: 2020
Year: 2021
Year: 2022
Year: 2023
Year: 2024
You'd better secure your BLE devices or we'll kick your butts!