Senior IT Security Consultant at SecuRing
BLE Security Essentials
Bluetooth Low Energy (Smart, 4) is recently gaining more and more traction as one of the most common and rapidly growing IoT technologies. Unfortunatelly the prevalence of technology does not come with security. Alarming vulnerabilities in BLE smart locks, medical devices and banking tokens are revealed day by day. And yet, the knowledge on how to comprehensively assess them seems very uncommon.
In this workshop you will get familiar with the basics of BLE security. We will work on a dedicated, readily available BLE hardware nRF devkit device. You will learn how to program and flash it yourself, using special web interface and ready templates. Such approach allows to better understand how things work "under the hood", experiment with different options, and then secure the hardware properly.
From attacker's perspective, we will cover among others: sniffing, spoofing, MITM, replay and relay.
- laptop capable of running Kali Linux in VM and 2 USB ports
- mobile phone (preferably Android)
Speaker, trainer and IT security consultant with 15 years of experience. Participated in countless assessments of systems' and applications' security for leading financial companies, public institutions and cutting edge tech startups. Currently leads research on various topics in Polish software security company SecuRing and provides trainings regarding security of contemporary locks and access control systems (www.smartlockpicking.com). Beside research and training, he focuses on consulting and designing of secure solutions for various software and hardware projects, during all phases - starting from a scratch. Previously gave talks, workshops or trainings at BlackHat USA, multiple Appsec EU, HackInTheBox Amsterdam, Deepsec, HackInParis, BruCON, Confidence, Devoxx and many other events.