Sniffle: A sniffer for Bluetooth 5 and 4.x LE
(github.com/nccgroup)
Sniffle is a sniffer for Bluetooth 5 and 4.x (LE) using TI CC1352/CC26x2 hardware.
Sniffle is a sniffer for Bluetooth 5 and 4.x (LE) using TI CC1352/CC26x2 hardware.
Undocumented commands found in Bluetooth chip used by a billion devices
(bleepingcomputer.com)
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.
CVE-2024-9956 – PassKey Account Takeover in All Mobile Browsers
(mastersplinter.work)
In this blogpost I will go over a vulnerability I found in all major mobile browsers that allowed an attacker within Bluetooth range to take over PassKeys accounts by triggering FIDO:/ intents.
In this blogpost I will go over a vulnerability I found in all major mobile browsers that allowed an attacker within Bluetooth range to take over PassKeys accounts by triggering FIDO:/ intents.
10-cent RISC-V MCU features 2.4GHz wireless, Bluetooth LE 5.0, USB 2.0
(cnx-software.com)
Patrick Yang, CTO at WCH, has recently unveiled the CH570 RISC-V SoC with 2.4GHz wireless and USB 2.0 (host & device) as an upgrade to the popular CH32V003 general-purpose RISC-V MCU with more features at the same low price (10 cents).
Patrick Yang, CTO at WCH, has recently unveiled the CH570 RISC-V SoC with 2.4GHz wireless and USB 2.0 (host & device) as an upgrade to the popular CH32V003 general-purpose RISC-V MCU with more features at the same low price (10 cents).
Nordic Semiconductor's Free Bluetooth Low Energy Course
(nordicsemi.com)
The Bluetooth Low Energy Fundamentals course is an online, self-paced course that focuses on teaching the basics of Bluetooth LE using Nordic Semiconductor devices (nRF54, nRF53, and nRF52 Series).
The Bluetooth Low Energy Fundamentals course is an online, self-paced course that focuses on teaching the basics of Bluetooth LE using Nordic Semiconductor devices (nRF54, nRF53, and nRF52 Series).
Espressif's Response to Undocumented Commands in ESP32 Bluetooth by Tarlogic
(espressif.com)
Recently, some media have reported on a press release initially calling out ESP32 chips for having a “backdoor”. Espressif would like to take this opportunity to clarify this matter for our users and partners.
Recently, some media have reported on a press release initially calling out ESP32 chips for having a “backdoor”. Espressif would like to take this opportunity to clarify this matter for our users and partners.
ESP32 Undocumented Bluetooth Commands: Clearing the Air
(espressif.com)
Espressif has already provided a formal response to the recently published claims about ESP32 Bluetooth controller serving as a potential “backdoor” or having “undocumented features” that can cause security concerns.
Espressif has already provided a formal response to the recently published claims about ESP32 Bluetooth controller serving as a potential “backdoor” or having “undocumented features” that can cause security concerns.
The ESP32 "backdoor" that wasn't
(darkmentor.com)
This post refutes the claim that researchers found a “backdoor” in ESP32 Bluetooth chips.
This post refutes the claim that researchers found a “backdoor” in ESP32 Bluetooth chips.
Undocumented backdoor found in Bluetooth chip used by a billion devices
(bleepingcomputer.com)
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented backdoor that could be leveraged for attacks.
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented backdoor that could be leveraged for attacks.
Turning a Bluetooth device into an Apple AirTag without root privileges
(nroottag.github.io)
A remote attacker can exploit this vulnerability to turn your device—whether it’s a desktop, smartphone, or smartwatch—into an AirTag-like tracker, enabling the attacker to track your location. How does it work? Over 1.5 billion iPhones could act as free tracking agents for the attacker worldwide.
A remote attacker can exploit this vulnerability to turn your device—whether it’s a desktop, smartphone, or smartwatch—into an AirTag-like tracker, enabling the attacker to track your location. How does it work? Over 1.5 billion iPhones could act as free tracking agents for the attacker worldwide.
Rust based bluetooth dynamometer designed for finger training powered by ESP32
(github.com/SergioGasquez)
Crimpdeq is a bluetooth dynamometer designed for finger training, powered by an ESP32-C3 and a WH-C100 crane scale, with firmware written in Rust!
Crimpdeq is a bluetooth dynamometer designed for finger training, powered by an ESP32-C3 and a WH-C100 crane scale, with firmware written in Rust!
ESP32 Marauder
(tindie.com)
The Marauder is a portable penetration testing tool created for WiFi and Bluetooth analysis.
The Marauder is a portable penetration testing tool created for WiFi and Bluetooth analysis.
Openhaystack: Build 'AirTags' – track Bluetooth devices via Apple's network
(github.com/seemoo-lab)
OpenHaystack is a framework for tracking personal Bluetooth devices via Apple's massive Find My network. Use it to create your own tracking tags that you can append to physical objects (keyrings, backpacks, ...) or integrate it into other Bluetooth-capable devices such as notebooks.
OpenHaystack is a framework for tracking personal Bluetooth devices via Apple's massive Find My network. Use it to create your own tracking tags that you can append to physical objects (keyrings, backpacks, ...) or integrate it into other Bluetooth-capable devices such as notebooks.
Track your devices via Apple FindMy network in Go/TinyGo
(github.com/hybridgroup)
Go Haystack lets you track personal Bluetooth devices via Apple's massive "Find My" network.
Go Haystack lets you track personal Bluetooth devices via Apple's massive "Find My" network.
The Weird BLE-Lock – Hacking Cloud Locks
(nv1t.github.io)
tl;dr; My knowledge in Bluetooth LE Communication got quite rusty over time and i wanted to refresh it with an easy target the other day. I wanted to open up the lock with a simple bluetooth command but ended up having access to their entire backend database with a lot of unique users across their entire product lineup.
tl;dr; My knowledge in Bluetooth LE Communication got quite rusty over time and i wanted to refresh it with an easy target the other day. I wanted to open up the lock with a simple bluetooth command but ended up having access to their entire backend database with a lot of unique users across their entire product lineup.
Fun with Logitech MX900 Bluetooth receivers (2006)
(nynaeve.net)
For some time now, I have been partial to cordless mice; they’re much less of a hastle to use than “conventional” mice, especially if you use a laptop primarily.
For some time now, I have been partial to cordless mice; they’re much less of a hastle to use than “conventional” mice, especially if you use a laptop primarily.
Show HN: Bluetooth USB Peripheral Relay – Bridge Bluetooth Devices to USB
(github.com/bahaaador)
This project creates a Bluetooth USB HID relay using a Raspberry Pi Zero (or similar OTG-enabled single-board computer). It allows you to use Bluetooth keyboards and mice with computers that have Bluetooth disabled, by presenting the board as a composite USB HID device.
This project creates a Bluetooth USB HID relay using a Raspberry Pi Zero (or similar OTG-enabled single-board computer). It allows you to use Bluetooth keyboards and mice with computers that have Bluetooth disabled, by presenting the board as a composite USB HID device.
Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500 (2023)
(jcjc-dev.com)
My goal for this project was quite specific, leaving many details unexplored (for now). This post aims to be a quick reference for my future self, and to hopefully help anyone else who might be interested in doing something similar.
My goal for this project was quite specific, leaving many details unexplored (for now). This post aims to be a quick reference for my future self, and to hopefully help anyone else who might be interested in doing something similar.