DEFCON: BtleJuice MitM Hacks Bluetooth (and belittles Bluetooth Padlock security)
LAS VEGAS - Hacking Bluetooth to date has been about buying an Uberone and sniffer the air. A new tool and method was first publicly demonstrated today at DEFCON that creates a Man In The Middle Attack for Bluetooth Smart enabled devices.
"Sniffing is so hard and it really sucks," security researcher, Damien Cauquil said.
So rather than sniffing, what the BtleJuice Framework tool does is it looks for open bluetooth connections and attempts to connect to the device, it then creates a dummy device with the same services and characteristics. Finally BtleJuice waits for new connections, which it then takes over, as the Man in The Middle, enabling an attacker to inject new commands.
Cauquil has a number of interesting use cases for BtlJuice and demonstrated a live attack against a Bluetooth controlled robot. Additionally he noted that he has tested the attack against Bluetooth smart locks with a very high degree of success.
The project is entirely open-source and available today on Github at: https://github.com/DigitalSecurity/BtleJuice
Sean Michael Kerner is a senior editor at nternetNews.com. Follow him on Twitter @TechJournalist