leHACK Conferences & workshops

Vulnerability analysis of a Bluetooth Low Energy padlock 🇫🇷

1 Jul 2023
Time: 10:00 > 10:45
Location: Zone 1 - Gaston Berger conference stage

The objective of this presentation is to analyze the security of a connected padlock that uses the Bluetooth Low Energy (BLE) protocol, which is widely used in the Internet of Things (IoT). This study was conducted as a student project, co-supervised by INSA Toulouse and EURECOM, and highlights several critical security issues in the implementation of a connected padlock. More importantly, we describe our methodology for analyzing this device. Our analysis shows that this padlock relies on a vulnerable proprietary protocol built on top of the application layers of Bluetooth Low Energy, and is representative of bad security practices in the design of BLE-enabled IoT devices.

We used two main methods to identify vulnerabilities in this connected padlock. The first, conducted with the Mirage framework, allowed us to intercept and analyze the BLE communications between the padlock and the phone using a Man-in-the-Middle attack. The second, complementary method was a static analysis of the code of the Android application used by the padlock, using the JADX software. This method allowed us to discover the encryption algorithm in use, the associated cryptographic material and the format of the messages used by the proprietary protocol.

Our analysis allowed us to design and implement three over-the-air exploits using the Mirage framework. The first exploit unlocks the padlock directly from a computer with Bluetooth. The second exploit deletes the fingerprints registered on the padlock. The third and last exploit resets the padlock remotely, allowing an attacker to kick non-admin users and delete the fingerprints.

Orlaine Guetsa

Education: INP-ENSEEIHT (Master’s Degree in Computer Science and Telecommunications)
Specialization in cyber security (TLS-SEC)

Professional experience: CloudSecOps intern at Capgemini

Alexandre Goncalves

Education: INP-ENSEEIHT (Master’s Degree in Computer Science and Telecommunications)
Specialization in cyber security (TLS-SEC)

Professional experience: Cybersecurity Consultant at Wavestone (specialized in Digital Compliance)

Morgan Yaklehef

Education: INSA Toulouse (Master’s Degree in Computer Science and Network engineering)
Specialization in cyber security (TLS-SEC)

Professional experience: SOC Analyst Intern at Sopra Steria
