CactusCon

CactusCon13
February 14-15, 2025
Mesa, AZ

Exploiting Bluetooth Low Energy 101

Bluetooth, especially Bluetooth Low Energy (BLE), has become the ubiquitous backbone that modern devices use to interact with each other. From mobile, to IoT, to Auto, most smart devices now support Bluetooth connections, meaning that the attack vector is becoming an increasingly important aspect of security testing. This class will breakdown various phases of Bluetooth “hacking” with an emphasis on sniffing BLE connections, spoofing devices, and exploiting GATT services. We will cover some history behind Bluetooth and the evolution of the protocol stack, the tools and setup required to start testing BLE in your home or as part of a Bluetooth Pentest, and demonstrate that all you need to start test BLE is a Android or iOS device.

Maxine Filcher

Maxine is a US Army Veteran, currently attending the University of Washington – Tacoma as a Senior pursuing a degree in Information Assurance and Cybersecurity. She has experience as a Security Analyst hunting wireless threats and vulnerabilities, and currently works for IOActive as a Security Consultant applying her knowledge to help companies identify wireless risks within their environments. She has also served as a Teaching assistant for the UWT CPES program, which builds and delivers cybersecurity focused curricula for K-12 students, where she focused on wireless security and RF concepts. Maxine was selected for the SANS Women’s Immersion Academy 2018 Cohort and holds the GSEC, GCIH, and GPEN GIAC certifications.