
Taking Bluetooth lockpicking to the next level


Formal Metadata

Title
Taking Bluetooth lockpicking to the next level
Subtitle
...or the 37th floor of a Hotel
Title of Series
Number of Parts
102
Author
License
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
If hacking Chinese padlocks and bike sharing systems isn't enough any more, let's go and open some new doors. Like the ones of some 37th floor hotel suites... We're taking Bluetooth LE hacking from toys and padlocks to the real world. Improving the tools and methods we used in previous research to break the AES cryptography of the NOKE Padlock, we set out to do the one thing a mobile hotel key is supposed to prevent: wirelessly sniff someone entering his room - or just unlocking the elevator - and then reconstruct the data needed to open the door with any BTLE-enabled PC or even a Raspberry Pi. In this talk we will show and explain the tools and methods we used and developed to break the BTLE-based mobile phone key system of a large hotel chain, and then move from the academic proof of concept to a reliable setup that can be used in real-life scenarios to carry out the attack. The methods shown cover reverse engineering the wireless protocol based on BTLE captures, analyzing phone apps, and intercepting the TLS-encrypted traffic to the back-end API, which in combination led to the compromise of a system used in quite a few big and expensive hotels for their "next level" customer experience: mobile room keys.