Talk: Bluetooth Low Energy Unmasked: High-Impact Insights From Scalable Device Hunting

Mar 27, 2025

Remy shares his experience building custom hardware for a scalable Bluetooth Low Energy (BLE) survey, discusses the problems encountered, and provides a replicable solution that the audience can implement for approximately $100 (no soldering required).

The presentation begins with a brief overview of high-level patterns observed in collected real-world data from this hardware, followed by a detailed methodology for remotely identifying Bluetooth devices by using the Generic Attribute Profile (GATT) signatures of the device’s companion Android apps. To demonstrate the practical applications of this research, Remy showcases how real-world data and remote identifications were used to locate a specific device “out of thin air.”

The demonstration culminates in a critical vulnerability, remote code execution on a high-end router, and the talk closes with a call to action for collaborative Bluetooth research on real-world data.

Slides: BLUETOOTH_LOW_ENERGY_UNMASKED.pdf
