Back in 2015, smart locks were starting to come around. Some of them offered a proximity feature that unlocked the door automatically when the user's phone was close by. How does this work?
Each Bluetooth device has a unique Bluetooth device address (6 bytes), similar to a MAC address. Proximity was determined from this device address. Of course, it can be spoofed!
Communication with the lock uses a shared key established in a previous step, so it is not quite as simple as spoofing the address. Instead, an attacker must know the address AND send the expected data over the unencrypted communication channel. The lock then treats the device as trusted and opens.
To launch this attack, you must know the address of the phone. With an Ubertooth One or similar tools, however, this is trivial. Even worse, the sniffing and replaying could be done from a planted Raspberry Pi.
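As an added illustration (not code from Martin's post or from any lock vendor), here is a small Python model of the two designs: the address-based trust described above, where an unlock message sniffed from the open channel and re-sent from a spoofed address is accepted, beside a nonce-based challenge-response using the shared key, where a captured response is rejected. The key, the address and the hardened design itself are my own constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from the post being reviewed.
SHARED_KEY = b"constructed-key-from-pairing-step"
PHONE_ADDR = "AA:BB:CC:DD:EE:01"  # constructed Bluetooth device address

class AddressTrustLock:
    """Weak model: trusts the paired phone's address plus the unlock
    message it sees on the unencrypted channel."""
    def __init__(self, trusted_addr):
        self.trusted_addr = trusted_addr

    def handle(self, sender_addr, message):
        return sender_addr == self.trusted_addr and message == b"UNLOCK"

class ChallengeResponseLock:
    """Hardened model (my suggested contrast): the lock issues a fresh nonce
    and the phone answers HMAC(key, nonce); the address is not a credential."""
    def __init__(self, key):
        self.key = key
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending

    def handle(self, response):
        if self.pending is None:
            return False
        expected = hmac.new(self.key, self.pending, hashlib.sha256).digest()
        self.pending = None  # single use: a captured response cannot be replayed
        return hmac.compare_digest(expected, response)

def phone_respond(key, nonce):
    return hmac.new(key, nonce, hashlib.sha256).digest()

def demo():
    weak = AddressTrustLock(PHONE_ADDR)
    observed = (PHONE_ADDR, b"UNLOCK")  # what a sniffer sees on the open channel
    legit = weak.handle(*observed)
    replayed = weak.handle(*observed)   # same bytes from a spoofed address: accepted
    strong = ChallengeResponseLock(SHARED_KEY)
    legit2 = strong.handle(phone_respond(SHARED_KEY, strong.challenge()))
    old = phone_respond(SHARED_KEY, strong.challenge())
    strong.challenge()                  # lock moves on to a new nonce
    replayed2 = strong.handle(old)      # stale response: rejected
    return legit, replayed, legit2, replayed2
```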
Overall, a good post, with many other fun wireless things on this blog. Good job Martin!