Xeno Kovah
Bluetooth vulnerability assessment is still in the dark ages. We still don't have a good handle on all the devices that are affected by the exploitable-over-the-air vulnerabilities that we disclosed in Texas Instruments and Silicon Labs firmware back in 2020. But we've been chipping away at the problem!
We released "Blue2thprinting" in 2023 as our starting point towards something akin to nmap OS fingerprinting, but with a focus on learning what we could about the specific Bluetooth chip or firmware versions, to identify known-vulnerable versions. We delved into the thousands of pages of Bluetooth specs to extract bits and pieces, packets and profiles, that had interesting information to share about what a device is.
But even as we continue to add new types of data to enrich our understanding of what devices are, and whether they're vulnerable to known CVEs, there's just *so much* that's still unknown! In this talk we'll discuss the updates to Blue2thprinting that allow for P2P researcher data sharing and crowdsourcing, and how that can help broaden the global knowledge of Bluetooth vulnerability applicability. And we'll also highlight the ridiculous number of tantalizing known unknowns, and encourage you to join the BlueCrew on our Journey Into Mystery!
Speaker Bio:
Xeno Kovah spends ~75% of his time working on his 501(c)(3) non-profit OpenSecurityTraining2 (https://ost2.fyi), where he and others publish commercial-grade training for free, to make more awesome engineers, faster. The other 25% of his time is spent on consulting and research, primarily in the Bluetooth firmware security space. This talk is about some of that research.