Crowdsourcing Bluetooth identity, to understand Bluetooth vulnerability

Abstract

Bluetooth vulnerability assessment is still in the dark ages. We still don’t have a good handle on all the devices that are affected by the exploitable-over-the-air vulnerabilities that we disclosed in Texas Instruments and Silicon Labs firmware back in 2020. But we’ve been chipping away at the problem!

We released “Blue2thprinting” in 2023 as our starting point towards something akin to nmap OS fingerprinting, but with a focus on learning what we could about the specific Bluetooth chip or firmware versions, to identify known-vulnerable versions. We delved into the thousands of pages of Bluetooth specs to extract bits and pieces, packets and profiles, that had interesting information to share about what a device is.

But even as we continue to add new types of data to enrich our understanding of what devices are, and whether they’re vulnerable to known CVEs, there’s just so much that’s still unknown! In this talk we’ll discuss the updates to Blue2thprinting to allow for P2P researcher data sharing and crowdsourcing, and how that can help broaden the global knowledge of Bluetooth vulnerability applicability. And we’ll also highlight the ridiculous number of tantalizing known unknowns; and encourage you to join the BlueCrew on our Journey Into Mystery!

Publication
Xeno Kovah
Dark Mentor Level X

Hacking firmware like it’s no big deal.