awesome-bluetooth-security
Bluetooth security resource hub
A curated list of resources and research papers on Bluetooth security vulnerabilities, tools, and techniques.
List of Bluetooth BR/EDR/LE security resources
521 stars
12 watching
49 forks
last commit: almost 2 years ago
Linked from 1 awesome list
awesomeawesome-listblebluetoothbluetooth-hackingbluetooth-low-energybluetooth-securitypenetration-testingpentestingsecurity
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Notable Vulnerabilities | |||
| Site | |||
| Paper | |||
| Video | |||
| Site | |||
| Paper | |||
| Video | |||
| Site | |||
| Paper | |||
| Video | |||
| SIG Notice | |||
| Site | |||
| Paper | |||
| Video | |||
| Site | |||
| Paper | |||
| Video | |||
| SIG Notice | |||
| Site | |||
| Paper | |||
| Video | |||
| SIG Notice | |||
| Site | 7 | almost 5 years ago | |
| Paper | |||
| SIG Notice | |||
| Article | |||
| Abstract | |||
| Video | |||
| Site | |||
| Paper | |||
| Video | |||
| SIG Notice | |||
| Site | |||
| Paper | |||
| Video | |||
| Site | |||
| Writeup | |||
| Video | |||
| Site | |||
| Paper | |||
| Video | |||
| Multiple SIG Notices | |||
| Site | 56 | over 3 years ago | |
| Paper | |||
| SIG Notice | |||
| Site | |||
| Paper | |||
| Video | |||
| SIG Notice | |||
| SIG Notice | |||
| Site | |||
| Paper | |||
| SIG Notice | |||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2003 | |||
| Video | DEF CON 11 - Bruce Potter - Bluetooth - The Future of Wardriving | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2004 | |||
| Video | 21C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking | ||
| Video | Black Hat USA 2004 - Adam Laurie, Martin Herfurt - BlueSnarfing The Risk From Digital Pickpockets | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2005 | |||
| Video | 22C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking - The State of The Art | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2006 | |||
| Video | 23C3 - Thierry Zoller, Kevin Finistere - Bluetooth Hacking Revisited | ||
| Video | Black Hat USA 2006 - Bruce Potter - Bluetooth Defense Kit Black Hat | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2007 | |||
| Video | DeepSec 2007 - Marcel Holtmann - New Security Model of Bluetooth 2.1 | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2009 | |||
| Video | DEF CON 17 - Dominic Spill, Michael Ossmann, and Mark Steward - Bluetooth Smells like Chicken | ||
| Video | Shmoocon 2009 - Bluetooth-Ossman.m4v | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2010 | |||
| Video | Shmoocon 2010 - Michael Ossmann - Bluetooth Keyboards: Who Owns Your Keystrokes? | ||
| Video | DEF CON 18: Breaking Bluetooth by Being Bored 1/3 | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2011 | |||
| Video | ShmooCon 2011 - Project Ubertooth: Building a Better Bluetooth Adapter | ||
| Video | DeepSec 2011 - Tommi Makila & Jukka Taimisto: Intelligent Bluetooth Fuzzing - Why bother? | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2012 | |||
| Video | Ruxcon 2012 - Dominic Spill - Bluetooth Packet Sniffing Using Project Ubertooth | ||
| Video | Toorcon 2012 - Hacking Bluetooth Low Energy: I Am Jack's Heart Monitor | ||
| Video | DEF CON 20 - Passive Bluetooth Monitoring in Scapy | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2013 | |||
| Video | USENIX WOOT 2013 - Mike Ryan - Bluetooth: With Low Energy Comes Low Security | ||
| Video | ShmooCon 9 - How Smart Is Bluetooth Smart? | ||
| Video | Black Hat USA 2013 - Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix! | ||
| Video | DeepSec 2013 - Veronica Valeros & Sebastian Garcia: Uncovering your Trails - Privacy Issues of Bluetooth Devices | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2014 | |||
| Video | CanSecWest 2014 - Outsmarting Bluetooth Smart | ||
| Video | DEF CON 22 - The NSA Playset Bluetooth Smart Attack Tools | ||
| Video | DEF CON 22 - Grant Bugher - Detecting Bluetooth Surveillance Systems | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2015 | |||
| Video | DEF CON 23 - Mike Ryan and Richo Healey - Hacking Electric Skateboards | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2016 | |||
| Video | DEF CON 24 - Anthony Rose, Ben Ramsey - Picking Bluetooth Low Energy Locks a Quarter Mile Away | ||
| Video | DEF CON 24 - Realtime Bluetooth Device Detection with Blue Hydra | ||
| Video | DEF CON 24 Internet of Things Village Damien Cauquil Btlejuice The Bluetooth Smart Mitm Framework | ||
| Video | Black Hat USA 2016 - Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool | ||
| Video | Hack.lu 2016 - Damiel Cauquil - BtleJuice: the Bluetooth Smart Man In The Middle Framework | ||
| Video | EMF16 - Michael Ossmann - My Ubertooth Year | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2017 | |||
| Video | Black Hat Europe 2017 - Ben Seri, Gregory Vishnepolsky - BlueBorne - A New Class of Airborne Attacks | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2018 | |||
| Video | DEF CON 26 - Damien Cauquil - You had better secure your BLE devices | ||
| Video | 35C3 - Dennis Mantz and Jiska Classen - Dissecting Broadcom Bluetooth | ||
| Video | MRMCD2018 - Dennis Mantz and Jiska Classen - A Deep Dive into Bluetooth Controller Firmware | ||
| Video | Black Hat Europe 2018 - Ben Seri, Dor Zusman - BLEEDINGBIT Your APs Belong to Us | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2019 | |||
| Video | DEF CON 27 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming | ||
| Video | USENIX Security '19 - Pallavi Sivakumaran - A Study of the Feasibility of Co-located App Attacks against BLE | ||
| Video | RSA 2019 - Mike Ryan - Bluetooth Reverse Engineering: Tools and Techniques | ||
| Video | Hardwear.io USA 2019 - Mike Ryan - Bluetooth Hacking: Tools And Techniques | ||
| Video | Hardwear.io Netherlands 2019 - Sultan Qasim Khan - Sniffle: A low-cost sniffer for Bluetooth 5 | ||
| Video | MRMCD2019 - Dennis Mantz and Jiska Classen - Playing with Bluetooth | ||
| Video | BruCON 0x0B - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for fun and jamming | ||
| Video | Hack.LU 2019 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG For Fun And Jamming | ||
| Video | CyberCamp19 - Pablo González - Audit and hacking to Bluetooth Low-Energy (BLE) devices | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2020 | |||
| Video | Hardwear.io Virtual Con 2020 - Daniele Antonioli - From Bluetooth Standard to Standard Compliant 0-days | ||
| Video | DEF CON 28 - Jiska Classen and Francesco Gringoli - Spectra — New Wireless Escalation Targets | ||
| Video | DEF CON 28 - Maxine Filcher - The Basics Of Breaking BLE v3 | ||
| Video | USENIX WOOT 2020 - Jianliang Wu - BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy | ||
| Video | USENIX WOOT 2020 - Dennis Heinze, Jiska Classen, Matthias Hollick - ToothPicker: Apple Picking in the iOS Bluetooth Stack | ||
| Video | USENIX 2020 - Yue Zhang - Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks | ||
| Video | Black Hat Europe 2020 - Wang Yu - Please Make a Dentist Appointment ASAP: Attacking IOBluetoothFamily HCI and Vendor-Specific Commands | ||
| Video | Ekoparty 2020 - Cecilia Pastorino and Dan Borgogno - Bluetooth Low Energy Hacking 101 | ||
| Video | rC3 2020 - Jiska Classen - Exposure Notification Security | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Conference Talks / 2021 | |||
| Video | CCC #DiVOC2020 - Jiska Classen - Finding Eastereggs in Broadcom's Bluetooth Random Number Generator | ||
| Video | CCC #DiVOC2020 - Jan Ruge - No PoC? No Fix! - A sad Story about Bluetooth Security | ||
| Video | WOOT2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Reflections on Bluetooth Pairing and Provisioning Protocols | ||
| Video | Hardwear.io NL 2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Defeating Authentication In Bluetooth Protocols | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Linux Utilities & Tools | |||
| Link | BlueZ (l2ping, gatttool, hciconfig, hcidump, hcitool, sdptool, bccmd, bluetoothctl, etc.) | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Scanners & Sniffers | |||
| Github | 171 | over 1 year ago | BTLEmap |
| Github | 891 | about 1 year ago | Sniffle |
| Github | 16,919 | 12 months ago | Bettercap |
| Github | 1,256 | over 1 year ago | sparrow-wifi |
| Github | 121 | over 6 years ago | bluelog |
| Github | 45 | over 5 years ago | btsniffer |
| Github | Blue Hydra | ||
| Github | 146 | over 2 years ago | btlesniffer |
| Link | btscanner | ||
| Link | BT Audit | ||
| Gitlab | redfang | ||
| Github | 1,096 | over 6 years ago | bleah (deprecated, replaced by Bettercap) |
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Exploit Tools | |||
| Github | 1,932 | over 1 year ago | Btlejack |
| Github | 849 | about 4 years ago | crackle |
| Github | 48 | over 11 years ago | btcrack |
| Github | 127 | about 9 years ago | BLE-Replay |
| Github | 31 | over 9 years ago | BLESuite-CLI |
| Gitlab | BlueMaho | ||
| Sourceforge | BlueDiving | ||
| Link | Blooover | ||
| Link | l2ping (BlueSmack DoS) | ||
| Link | hidattacl | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / OBEX Attack Tools | |||
| Download | obexstress | ||
| Gitlab | bluesnarfer | ||
| Github | 79 | about 5 years ago | nOBEX |
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Fuzzing | |||
| Github | 238 | about 4 years ago | Toothpicker |
| Github | 22 | about 10 years ago | bss (unsupported) |
| Link | Defensics (Commercial) | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Firmware Analysis | |||
| Github | 694 | about 1 year ago | InternalBlue |
| Github | 439 | almost 2 years ago | Frankenstein |
| Github | 2,476 | about 1 year ago | Nexmon |
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Man-in-the-middle & Packet Injection | |||
| Github | 754 | about 7 years ago | BtleJuice |
| Github | 715 | almost 4 years ago | Gattacker |
| Github | 739 | about 1 year ago | BTLE (for SDRs) |
| Github | 516 | over 5 years ago | (Unsupported) Btproxy |
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Device Spoofing | |||
| Gitlab | Spooftooph | ||
| Github | 29 | over 12 years ago | Bluefog |
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Ping & Signal Strength Tools | |||
| Github | 17 | about 5 years ago | blue_sonar |
| Gitlab | BlueRanger | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Denial of Service | |||
| Github | 176 | about 3 years ago | Blue Deauth |
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Honeypot | |||
| Github | 245 | almost 5 years ago | bluepot |
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Android Apps | |||
| Google Play | nRF Connect for Mobile | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Hardware | |||
| Link | Nordic Semiconductor nRF-51 Development Kit | ||
| Link | Sena UD-100 (~$39) | ||
| Link | Ubertooth One (~$120) | ||
| Link | Ellisys Bluetooth Tools | ||
| Link | Frontline Bluetooth Tools | ||
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Bluetooth Security Tools / Other | |||
| Link | Wireshark: Protocol analyzer and packet capture | ||
| Link | Frontline Wireless Protocol Suite (Windows only) | ||
| Github | 108 | almost 7 years ago | Uberducky (BLE-triggered rubber ducky) |
| Link | CarWhisperer: Bluetooth sniffer for in-vehicle connections | ||
| Github | 41 | about 6 years ago | BLEBoy: BLE testing platform |
Awesome Bluetooth Security (BR, EDR, LE, and Mesh) / Useful Sites | |||
| Link | List of Bluetooth bugs | ||
| Github | 400 | over 2 years ago | Bluetooth arsenal tool list |
| Link | trifinite Bluetooth info | ||
| Link | Mike Ryan's Bluetooth info | ||
| Link | Colin Mulliner's Bluetooth info | ||
| Link | BlackArch Linux tool list | ||
| Link | Bluetooth pen test framework | ||
sbilly/awesome-security
google/ios-webkit-debug-proxy
libimobiledevice/usbmuxd