
Slawomir Jasek

Security assessment of Bluetooth Low Energy devices


Trainer: Slawomir Jasek

Date: 30th Oct to 01st Nov 2023

Time: 9:00am to 5:00pm CEST

Venue: Marriott Hotel, The Hague, Netherlands

Training Level: Basic; Intermediate


Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.

Training Objectives:

Bluetooth Low Energy is one of the most common and rapidly growing IoT technologies. We are immersed in surrounding BLE signals: beacons, wearables, TVs, home appliances, toothbrushes, sex toys, light bulbs, smart locks, electric scooters, cars, medical devices, crypto wallets, 2FA, banking tokens, payment terminals, to name just a few. Unfortunately, the prevalence of the technology does not come with security. Alarming vulnerabilities are revealed day by day, not only in individual devices' implementations but also generic ones in the Bluetooth specification itself. And yet, knowledge of how to comprehensively assess the security of such devices remains uncommon. This training aims to fill this gap with the best possible approach: hands-on.

We will start with an introduction to the technology: you will become familiar with how BLE works in practice by controlling your dedicated training device. We will follow with hands-on work on various possible attacks and tools: sniffing, fingerprinting, MITM, relay, jamming, hijacking, cracking, exploiting application layer vulnerabilities, ... Having this background, we will apply the knowledge to perform a security assessment of example devices: starting with threat modeling, through analysis and preparation of attack scenarios, up to performing the tests and finishing with a report.

And what's best: the hardware for practical exercises, along with the dedicated training firmware source code, is included and allows you to repeat (or adjust if needed) the labs later. You will finish the training not only able to fully assess and compromise BLE devices, but also with the equipment to do it.


What to Expect? | Key Learning Objectives:

  • Solid understanding of Bluetooth Low Energy
  • Common implementation pitfalls.
  • Device assessment process.

Training Detailed Description:

TBD


Who Should Attend? | Target Audience:

  • Pentesters, security professionals, researchers.
  • BLE device designers, developers.
  • Anyone interested.

What to Bring? | Software and Hardware Requirements:

  • Laptop capable of running Linux x86-64 in a virtual machine (VirtualBox or VMware), with at least two USB type A ports available for the VM guest.
  • Android smartphone with Bluetooth 5 support will be helpful, but not obligatory (phones will be provided for participants).
  • Optionally: your own BLE devices you would like to test

What to Bring? | Prerequisite Knowledge and Skills:

  • Basic familiarity with the Linux command line; some pentesting experience will be helpful but not crucial.
  • No previous knowledge of Bluetooth is required.
  • It is recommended to try the free BLE HackMe (https://smartlockpicking.com/ble_hackme/) before the training, especially the first few tasks, which allow you to become familiar with the technology basics.

Resources Provided at the Training | Deliverables:

  • Course materials – about 1500 pages, step-by-step instructions for hands-on exercises.
  • All required additional files: source code, documentation, installation binaries, virtual machine images.
  • Included hardware pack for hands-on exercises, consisting of Bluetooth 4/5 development boards, dedicated BLE device, hardware sniffer, USB dongles.

ABOUT THE TRAINERS

Speaker, trainer and IT security consultant with 20 years of experience. MSc in automatics & robotics; developed secure embedded systems certified for use by national agencies. As a pentester, he has participated in dozens of assessments of systems' and applications' security for leading financial companies, public institutions and cutting-edge startups. He currently focuses on security research of various new technologies (especially Bluetooth Low Energy and NFC/RFID) and provides training on the security of devices, based among others on contemporary electronic access control systems and smart locks. Besides training and research, he provides security assessments and consultation on secure design for various software and hardware projects – preferably starting from the design idea.

Despite having long ago lost count of the number of BLE devices he owns, he still impulsively acquires more and more, and enjoys reversing and breaking them.

He loves sharing his knowledge via trainings, workshops, talks and open source hackme's (http://www.smartlockpicking.com/) – at BlackHat, HackInTheBox, Hardwear.io, HackInParis, Deepsec, Appsec EU, BruCon, Confidence, and many others, including private on-demand sessions.