Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.
It's pretty fun to hack things wirelessly! And hey, it turns out there's literally *billions* of Bluetooth Low Energy (BLE) things sold per year, so let's learn how to hack those!
In this class you will become an expert in all things BLE! You will be given a guided tour of the entire BLE protocol stack in a bottom up fashion. We will stop to admire and understand vulnerabilities applicable to the different stack levels, whether fundamental protocol-level vulnerabilities, or past implementation vulnerabilities. And we will learn by doing as we proceed through numerous labs at every level where we examine the interactions between a custom Android phone application, and a piece of hardware with custom firmware, which is typical of BLE usage.
Introduction
Your own laptop with VMware installed, capable of running an x86-based Ubuntu VM (which will have all the Bluetooth tools and the firmware compilation environment pre-installed).
Students must be comfortable reading C code if they want to modify or fix the Ultra Vulnerable Peripheral.
The instructors will provide an Android phone, Bluetooth dongle for running a custom firmware, and various other Bluetooth dongles for sniffing and spoofing traffic, and a USB hub for plugging everything in. If you're paranoid about "BadUSB" attacks, you should bring a laptop that you're going to wipe afterwards, because we're going to be plugging in a *lot* of USB hardware to aid in learning about Bluetooth!
Veronica is a researcher who has created and released multiple over-the-air arbitrary code execution exploits which target Bluetooth chip firmware. She presented these attacks at BlackHat USA 2020. In 2018 she founded the security consultancy Dark Mentor LLC. She has previously worked at companies like Tesla on vehicular security, and at NSA as an adjunct instructor and Capability Development Specialist developing CNE tools for embedded systems. She is currently using her background in reverse engineering and exploitation to specialize in the security analysis of Bluetooth systems.
Xeno Kovah began leading Windows kernel-mode rootkit detection and defense research projects at MITRE in 2009, before moving into research on BIOS security in 2011. His team's first public talks started appearing in 2013, which led to a flurry of presentations on BIOS-level vulnerabilities up through 2014. In 2015 he co-founded LegbaCore. After presenting a firmware worm that could spread between Macs via Apple's EFI-based BIOS and Thunderbolt Ethernet adapters, he ended up working for Apple. There he worked on securing all the lesser-known firmwares on Macs and peripherals - everything from 3rd party GPUs to SecureBoot for monitors! He worked on the x86 side of the T2 SecureBoot architecture, and his final project was leading the M1 SecureBoot architecture - being directly responsible for designing a system that could provide iOS-level security while still allowing customers the choice to trust arbitrary non-Apple code such as Linux bootloaders. He left Apple in Dec 2020 after the M1 Macs shipped, so he could work full time on OpenSecurityTraining2.