From 722bf5569b896d859d1d1a1824c357eb98139d2e Mon Sep 17 00:00:00 2001 From: engn33r Date: Tue, 8 Sep 2020 22:45:14 -0400 Subject: [PATCH 1/6] Fix formatting --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dddfead..5d54d0b 100644 --- a/README.md +++ b/README.md 
@@ -27,14 +27,14 @@ Submit a PR if something is missing! ## Notable Vulnerabilities | Vulnerability name | Conference & Year published | Vulnerability website URL | Paper URL | Video URL | SIG Notice | Technology Impacted | Related CVE | -| :---- | :---------- | :-------------------------------: | -----------: | ------: | ------: | ------: | -----------: | +| :---- | :---------- | :------------------------------- | :----------- | :------ | :------ | :------ | :----------- | | BlueBorne | Black Hat Europe 2017 | [Site](https://www.armis.com/blueborne/) | [Paper](https://info.armis.com/rs/645-PDC-047/images/BlueBorne%20Technical%20White%20Paper_20171130.pdf) | [Video](https://www.youtube.com/watch?v=LLNtZKpL0P8) | No Notice | BR/EDR | CVE-2017-8628, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-14315, CVE-2017-1000410 | | Bleedingbit | 2018 | [Site](https://www.armis.com/bleedingbit/) | [Paper](https://info.armis.com/rs/645-PDC-047/images/Armis-BLEEDINGBIT-Technical-White-Paper-WP.pdf) | [Video](https://www.youtube.com/watch?v=pZpAUapKvGY) | No Notice | LE | CVE-2018-7080, CVE-2018-16986 | | Fixed Coordinate Invalid Curve Attack | 2018 | [Site](https://www.cs.technion.ac.il/~biham/BT/) | [Paper](https://www.cs.technion.ac.il/~biham/BT/bt-fixed-coordinate-invalid-curve-attack.pdf) | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bluetooth-sig-security-update/) | BR/EDR/LE | CVE-2018-5383 | | SweynTooth | 2019 | [Site](https://asset-group.github.io/disclosures/sweyntooth/) | [Paper](https://asset-group.github.io/disclosures/sweyntooth/sweyntooth.pdf) | [Video](https://www.youtube.com/watch?v=Iw8sIBLWE_w) | No Notice | LE | CVE-2019-16336, CVE-2019-17060, CVE-2019-17061, CVE-2019-17517, CVE-2019-17518, CVE-2019-17519, CVE-2019-17520, CVE-2019-19192, CVE-2019-19193, CVE-2019-19194, CVE-2019-19195, CVE-2019-19196, CVE-2020-10061, 
CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595 | | KNOB | USENIX 2019 | [Site](https://knobattack.com/) | [Paper](https://www.usenix.org/system/files/sec19-antonioli.pdf) | [Video](https://www.youtube.com/watch?v=v9Xg9XcnNh0) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/reporting-security/statement-key-negotiation-of-bluetooth/) | BR/EDR | CVE-2019-9506 | | BIAS | IEEE S&P 2020 | [Site](https://francozappa.github.io/about-bias/) | [Paper](https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf) | [Video](https://www.youtube.com/watch?v=fASGU7Og5_4) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/) | BR/EDR | CVE-2020-10135 | -| Pairing Method Confusion | 2020 | https://github.com/maxdos64/BThack | https://www.computer.org/csdl/proceedings-article/sp/2021/893400a213/1mbmHzm2Q6c | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/method-vulnerability/) | BR/EDR/LE | CVE-2020-10134 | +| Pairing Method Confusion | 2020 | [Site](https://github.com/maxdos64/BThack) | [Paper](https://www.computer.org/csdl/proceedings-article/sp/2021/893400a213/1mbmHzm2Q6c) | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/method-vulnerability/) | BR/EDR/LE | CVE-2020-10134 | | BlueFrag | 2020 | [Article](https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/) | No Paper | No Video | No Notice | Android | CVE-2020-0022 | | Spectra | Black Hat USA 2020 | [Abstract](https://www.blackhat.com/us-20/briefings/schedule/index.html#spectra-breaking-separation-between-wireless-chips-20005) | TBD | [Video](https://www.youtube.com/watch?v=GZd66uVGKn8) | No Notice | WiFi+BT modules | CVE-2019-15063, CVE-2020-10367, CVE-2020-10368, CVE-2020-10369, 
CVE-2020-10370 | From 1639c026134dfbf185d35bff0da095173f73d6b4 Mon Sep 17 00:00:00 2001 From: engn33r Date: Mon, 21 Sep 2020 23:59:41 -0400 Subject: [PATCH 2/6] Add BLURtooth and BLESA --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 5d54d0b..0362c62 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,8 @@ Submit a PR if something is missing! | Pairing Method Confusion | 2020 | [Site](https://github.com/maxdos64/BThack) | [Paper](https://www.computer.org/csdl/proceedings-article/sp/2021/893400a213/1mbmHzm2Q6c) | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/method-vulnerability/) | BR/EDR/LE | CVE-2020-10134 | | BlueFrag | 2020 | [Article](https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/) | No Paper | No Video | No Notice | Android | CVE-2020-0022 | | Spectra | Black Hat USA 2020 | [Abstract](https://www.blackhat.com/us-20/briefings/schedule/index.html#spectra-breaking-separation-between-wireless-chips-20005) | TBD | [Video](https://www.youtube.com/watch?v=GZd66uVGKn8) | No Notice | WiFi+BT modules | CVE-2019-15063, CVE-2020-10367, CVE-2020-10368, CVE-2020-10369, CVE-2020-10370 | +| BLURtooth | 2020 | No site | No Paper | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/) | BR/EDR+LE | CVE-2020-15802 | +| BLESA | WOOT 2020 | [Site](https://www.usenix.org/conference/woot20/presentation/wu) | [Paper](https://www.usenix.org/system/files/woot20-paper-wu-updated.pdf) | [Video](https://www.youtube.com/watch?v=wIWZaSZsRc8) | No Notice | LE | CVE-2020-9770 | ------ From 1bc0fe75ca60931f22bbdd16c471b3beab0289ad Mon Sep 17 00:00:00 2001 From: engn33r Date: Tue, 22 Sep 2020 00:02:26 -0400 Subject: [PATCH 3/6] Add BLESA video --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0362c62..adabbef 100644 
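Review bot: In the PATCH 1/6 hunk, the BlueBorne row still lists CVE-2017-14315 twice in its Related CVE cell; since this commit is a formatting pass over the same table, dropping the duplicate here would be cheap. The alignment-row change itself is fine (left-aligning every column is consistent and avoids the odd centred/right-aligned mix), and converting the bare Pairing Method Confusion URLs to `[Site](...)` / `[Paper](...)` links matches the other rows.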
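Review bot: In the PATCH 2/6 hunk, the new BLURtooth row uses two conventions the rest of the table does not: the placeholder `No site` is lowercase where every other row writes `No Paper`, `No Video`, `No Notice`, and the Technology Impacted cell reads `BR/EDR+LE` where the Fixed Coordinate Invalid Curve Attack and Pairing Method Confusion rows write `BR/EDR/LE`. If the `+` is deliberate (BLURtooth concerns cross-transport key derivation, so both transports are involved at once), a short note explaining the distinction would help readers; otherwise `BR/EDR/LE` and `No Site` keep the table uniform. The BLESA row follows the existing conventions.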
--- a/README.md +++ b/README.md @@ -128,6 +128,7 @@ Submit a PR if something is missing! - Hardwear.io Virtual Con 2020 - Daniele Antonioli - From Bluetooth Standard to Standard Compliant 0-days [Video](https://www.youtube.com/watch?v=ZVSbF11uxuk) - DEF CON 28 - Jiska Classen and Francesco Gringoli - Spectra — New Wireless Escalation Targets [Video](https://www.youtube.com/watch?v=GZd66uVGKn8) +- USENIX WOOT 2020 - Jianliang Wu - BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy [Video](https://www.youtube.com/watch?v=wIWZaSZsRc8) ------ From e4adc1868890658b08a901db6c2ca28a518bf4e5 Mon Sep 17 00:00:00 2001 From: engn33r Date: Fri, 16 Oct 2020 03:48:06 +0000 Subject: [PATCH 4/6] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index adabbef..b801b98 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ Submit a PR if something is missing! | Spectra | Black Hat USA 2020 | [Abstract](https://www.blackhat.com/us-20/briefings/schedule/index.html#spectra-breaking-separation-between-wireless-chips-20005) | TBD | [Video](https://www.youtube.com/watch?v=GZd66uVGKn8) | No Notice | WiFi+BT modules | CVE-2019-15063, CVE-2020-10367, CVE-2020-10368, CVE-2020-10369, CVE-2020-10370 | | BLURtooth | 2020 | No site | No Paper | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/) | BR/EDR+LE | CVE-2020-15802 | | BLESA | WOOT 2020 | [Site](https://www.usenix.org/conference/woot20/presentation/wu) | [Paper](https://www.usenix.org/system/files/woot20-paper-wu-updated.pdf) | [Video](https://www.youtube.com/watch?v=wIWZaSZsRc8) | No Notice | LE | CVE-2020-9770 | +| BleedingTooth | N/A | [Site](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html) | N/A | N/A | No Notice | Linux | CVE-2020-12351, CVE-2020-12352, CVE-2020-24490 | ------ From ec7cd7025e57fac879b7c688141f9232a7c3da8f Mon Sep 17 00:00:00 2001 
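Review bot: In the PATCH 4/6 hunk, the BleedingTooth row fills the Conference, Paper and Video columns with `N/A` where every other row uses `No Paper` / `No Video` and, for undated entries, a bare year; the BLURtooth row two lines above shows the established pattern. Also, the commit subject `Update README.md` says nothing about the change, unlike the sibling commits (`Add BLURtooth and BLESA`, `Add BLESA video`); a subject such as `Add BleedingTooth` would keep the history searchable. The Technology Impacted value `Linux` is consistent with the `Android` precedent in the BlueFrag row.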
From: engn33r Date: Thu, 5 Nov 2020 20:57:59 -0500 Subject: [PATCH 5/6] Add some talks and one more tool --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b801b98..5c22c81 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,7 @@ Submit a PR if something is missing! ### 2016 -- DEF CON 24 - Anthony Rose, Ben Ramsey - Picking Bluetooth Low Energy Locks a Quarter Mille Away [Video](https://www.youtube.com/watch?v=KrOReHwjCKI) +- DEF CON 24 - Anthony Rose, Ben Ramsey - Picking Bluetooth Low Energy Locks a Quarter Mile Away [Video](https://www.youtube.com/watch?v=KrOReHwjCKI) - DEF CON 24 - Realtime Bluetooth Device Detection with Blue Hydra [Video](https://www.youtube.com/watch?v=p5AnZHY7g1M) - DEF CON 24 Internet of Things Village Damien Cauquil Btlejuice The Bluetooth Smart Mitm Framework [Video](https://www.youtube.com/watch?v=lcn07TclnS0) - Blackhat USA 2016 - Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool [Video](https://www.youtube.com/watch?v=uKqdb4lF0XU) 
@@ -124,12 +124,15 @@ Submit a PR if something is missing! - MRMCD2019 - Dennis Mantz and Jiska Classen - Playing with Bluetooth [Video](https://www.youtube.com/watch?v=uwkR8bcni38) - BruCON 0x0B - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for fun and jamming [Video](https://www.youtube.com/watch?v=rtaSCqngvqU) - Hack.LU 2019 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG For Fun And Jamming [Video](https://www.youtube.com/watch?v=4TaimqlQCew) +- CyberCamp19 - Pablo González - Audit and hacking to Bluetooth Low-Energy (BLE) devices [Video](https://www.youtube.com/watch?v=v4YxIlNyiSI) ### 2020 - Hardwear.io Virtual Con 2020 - Daniele Antonioli - From Bluetooth Standard to Standard Compliant 0-days [Video](https://www.youtube.com/watch?v=ZVSbF11uxuk) - DEF CON 28 - Jiska Classen and Francesco Gringoli - Spectra — New Wireless Escalation Targets [Video](https://www.youtube.com/watch?v=GZd66uVGKn8) +- DEF CON 28 - Maxine Filcher - The Basics Of Breaking BLE v3 [Video](https://www.youtube.com/watch?v=X2ARyfjzxhY) - USENIX WOOT 2020 - Jianliang Wu - BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy [Video](https://www.youtube.com/watch?v=wIWZaSZsRc8) +- Ekoparty 2020 - Cecilia Pastorino and Dan Borgogno - Bluetooth Low Energy Hacking 101 [Video](https://www.youtube.com/watch?v=2sirVrJpI30) ------ @@ -145,6 +148,7 @@ Submit a PR if something is missing! - Bettercap [Github](https://github.com/bettercap/bettercap) - sparrow-wifi [Github](https://github.com/ghostop14/sparrow-wifi) - bluelog [Github](https://github.com/MS3FGX/Bluelog) +- btsniffer [Github](https://github.com/bsnet/btsniffer) - Blue Hydra [Github](https://github.com/pwnieexpress/blue_hydra) - btlesniffer [Github](https://github.com/scipag/btle-sniffer) - btscanner [Link](https://manpages.ubuntu.com/manpages/bionic/man1/btscanner.1.html) From 87bc75919a87e47a59dcc41920fe504270030caa Mon Sep 17 00:00:00 2001 
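Review bot: In the first hunk of PATCH 5/6 (`@@ -101,7 +101,7 @@`), the Mille -> Mile typo fix is correct, but two adjacent context lines in the same 2016 list have formatting worth fixing in the same pass: `DEF CON 24 Internet of Things Village Damien Cauquil Btlejuice The Bluetooth Smart Mitm Framework` lacks the ` - ` separators between venue, speaker and title used by every other entry, and `Blackhat USA 2016` is spelled differently from `Black Hat USA 2020` and `Black Hat Europe 2017` elsewhere in the file. The talk and tool additions in the other two hunks follow the existing list format.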
From: engn33r Date: Fri, 29 Jan 2021 17:55:09 -0500 Subject: [PATCH 6/6] Add new talks and tools from 2020 --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 5c22c81..7ef25fc 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,9 @@ Submit a PR if something is missing! - DEF CON 28 - Jiska Classen and Francesco Gringoli - Spectra — New Wireless Escalation Targets [Video](https://www.youtube.com/watch?v=GZd66uVGKn8) - DEF CON 28 - Maxine Filcher - The Basics Of Breaking BLE v3 [Video](https://www.youtube.com/watch?v=X2ARyfjzxhY) - USENIX WOOT 2020 - Jianliang Wu - BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy [Video](https://www.youtube.com/watch?v=wIWZaSZsRc8) +- USENIX 2020 - Yue Zhang - Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks [Video](https://www.youtube.com/watch?v=vcv6agrH4J8) - Ekoparty 2020 - Cecilia Pastorino and Dan Borgogno - Bluetooth Low Energy Hacking 101 [Video](https://www.youtube.com/watch?v=2sirVrJpI30) +- rC3 2020 - Exposure Notification Security [Video](https://www.youtube.com/watch?v=w9yuTZzsP_w) ------ @@ -144,6 +146,7 @@ Submit a PR if something is missing! ### Scanners & Sniffers +- BTLEmap [Github](https://github.com/seemoo-lab/BTLEmap) - Sniffle [Github](https://github.com/nccgroup/sniffle) - Bettercap [Github](https://github.com/bettercap/bettercap) - sparrow-wifi [Github](https://github.com/ghostop14/sparrow-wifi) @@ -177,6 +180,7 @@ Submit a PR if something is missing! ### Fuzzing +- Toothpicker [Github](https://github.com/seemoo-lab/toothpicker) - bss (unsupported) [Github](https://github.com/hllhll/BluetoothStackSmasher) - Defensics (Commercial) [Link](https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html)
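Review bot: In the first hunk of PATCH 6/6 (`@@ -132,7 +132,9 @@`), the new `rC3 2020 - Exposure Notification Security` entry omits the speaker name(s), while every other talk in the 2020 list (and the other entry added in this hunk) uses the `Venue - Speaker - Title [Video](...)` form; please add the speaker(s) so the entry matches. Minor: the venue `USENIX 2020` sits directly above `USENIX WOOT 2020`, so spelling out which USENIX event it was would avoid ambiguity, though it does match the `USENIX 2019` style already used for KNOB in the table. The BTLEmap and Toothpicker additions in the other two hunks follow the existing list format.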