3-Day Training: Blue Oceans – Advanced Attacks Against BLE, NFC, HCE and more (Amsterdam, Netherlands – May 6-8, 2019) – ResearchAndMarkets.com
DUBLIN–(BUSINESS WIRE)–The “3-Day
Training: Blue Oceans: Advanced Attacks Against BLE, NFC, HCE and more”
training has been added to ResearchAndMarkets.com’s
offering.
Bluetooth Low Energy is one of the most exploding IoT technologies. BLE
devices surround us more and more – not only as wearables, toothbrushes
and sex toys, but also smart locks, medical devices and banking tokens.
Alarming vulnerabilities of these devices have been exposed multiple
times recently – and yet, the knowledge on how to comprehensively assess
their security seems very uncommon. Not to mention best practices
guidelines, which are practically absent.
This is probably the most exhaustive and up to date training regarding
BLE security – for both pentesters and developers. Compressing years of
painful debugging and reversing into practical, useful checklists. Based
on hands-on exercises on real devices (including multiple smart locks)
as well as a deliberately vulnerable, training hackmelock.
NFC, on the other hand, has been around us for quite long. However, the
vulnerabilities pointed out years ago, probably won’t be resolved in the
near future. It is still surprisingly easy to clone most access control
cards used for buildings today. Among other practical exercises
performed on real installations, the attendees will reverse-engineer an
example hotel access system, and as a result will be able to open all
the doors in facility. A list of several hundred hotels affected
included.
With prevalence of NFC smartphones, a new implementation of this
technology is recently gaining attention: mobile contactless
payments/access control, on Android known as Host Card Emulation. Using
combination of cloud services and mobile security, it is now possible to
embed credit card (or NFC key to a lock) in your phone. Is the
technology as robust as advertised? How to check its security, and how
to implement it correctly? Find out during practical exercises,
including step by step guide on how to bypass security mechanisms and
clone a contactless payment card.
Key Learning Objectives
- In-depth knowledge of Bluetooth Low Energy, common implementation
pitfalls, device assessment process and best practices for
implementation - Ability to identify vulnerable access control systems, clone cards and
reverse-engineer data stored on card - Understanding mobile contactless payments technology, possible
attacks, risks and countermeasures
Prerequisite Knowledge
- Basic familiarity with Linux command-line, Kali
- Scripting skills, pentesting experience, Android mobile applications
security background will be an advantage, but is not crucial
Hardware / Software Requirements
- Contemporary laptop capable of running Kali Linux in virtual machine,
and at least one USB port - You can bring your own BLE device or access control card to check its
security
Each student will receive:
- Course materials in PDFs (several hundred pages)
- All required additional files: source code, documentation,
installation binaries, virtual machine images on a pendrive
Take-away hardware pack of 300 EUR value for hands-on exercises,
consisting of:
- Rooted NFC- and BLE-capable Android smartphone with all the required
applications; root-hiding and device characteristics spoofing
frameworks configured - Proxmark3 with latest firmware
- Multiple RFID/NFC tags for cracking and cloning, including Chinese
magic UID, T5577, Ultralight, HID Prox, iClass, EV1, Mifare Classic
with various content (bus ticket, hotel, e-wallet) - NFC PN532 board (libnfc)
- Raspberry Pi 3 (+microSD card and 3 A power adapter), with assessment
tools and Hackmelock installed for further hacking at home - Bluetooth Smart hardware sniffer (nRF, BtleJack) and development kit
based on nrf51822 module - ST-Link V2 SWD debugger for programming nRF boards
- 2 x Bluetooth Low Energy USB dongles
Each attendee will receive a hardware pack that includes among
others Proxmark 3, a rooted Android smartphone and Raspberry Pi
(detailed below). The hardware will allow for BLE analysis (sniffing,
intercepting), cloning and cracking multiple kinds of proximity cards,
analyse BLE or NFC mobile applications, and practice most of the
training exercises later at home.
Agenda
Time: 9.00am – 6.00pm
Day 1
- Bluetooth Smart (Low Energy)
- Based among others on about 10 various smart locks, beacons, mobile
PoS, banking token, numerous other devices; and tools developed by the
trainer: GATTacker BLE MITM proxy and deliberately vulnerable
Hackmelock (consisting of Android mobile application and lock device
simulated on Raspberry Pi). - Theory introduction
- BLE beacons
- Other BLE advertisements
- Sniffing BLE connections using RF layer hardware
- HCI dump (Linux, Android) – setup, analysis, difference from RF-layer
sniffing, replay/fuzzing possibilities - Attacking services exposed by devices
- Device spoofing, active MITM interception
- Replay attacks
- Mobile application analysis, attacks on proprietary authentication and
protocols - Relay attacks – abusing automatic proximity features (e.g. smart lock
auto-unlock).
Day 2
- Advanced BLE MITM topics
- Remote access share functions and their weaknesses – how to bypass
timing restrictions. - Device DFU firmware update OTA services.
- How to create own, independent server-side API for device – based on a
real smart lock vendor, which disappeared and shut the servers,
effectively rendering the device e-waste. - Bluetooth link-layer encrypted connections
- Web Bluetooth – interfacing with nearby devices from javascript.
- Bluetooth Mesh, Bluetooth 5.0 – what these technologies change and
what not in terms of BLE security. - BLE Hackmelock – open-source software emulated device with multiple
challenges to practice at home. - BLE best practices and security checklist – for security
professionals, pentesters, vendors and developers. - NFC
- Comprising of hands-on exercises on a real access control
installations, hotel system and mobile payment applications. Every
time a student succeeds in bypassing access control system (e.g.
cloning a card), a specially prepared box will automatically unlock,
and allow to collect a delicious prize. - Short introduction
- UID-based access control – practical exercises on example reader +
door lock - Wiegand – wired access control transmission standard
- Mifare Ultralight
Day 3
- Mifare Classic & its weaknesses – practical exercises based on hotel
door lock system, ski lift card, bus ticket - Reverse-engineering data stored on card – based on a real hotel system
- ISO15693/iCode SLIX
- Intercepting card data from distance – building antenna, possibilities
and limits. - Other cards: Mifare Plus, DESFire, Ultralight C, EV1, EV2, HID
iClass/iClass SE – known attacks, cloning possibilities, default &
leaked keys, security best practices. - EMV
- Mobile contactless payments & more
For more information about this training visit https://www.researchandmarkets.com/research/kxptlz/3day_training?w=4
Contacts
ResearchAndMarkets.com
Laura Wood, Senior Press Manager
press@researchandmarkets.com
For
E.S.T Office Hours Call 1-917-300-0470
For U.S./CAN Toll Free Call
1-800-526-8630
For GMT Office Hours Call +353-1-416-8900
Related
Topics: Professional
Development and Training, Near
Field Communication
Thank you for donating to DutchNews.nl.
We could not provide the Dutch News service, and keep it free of charge, without the generous support of our readers. Your donations allow us to report on issues you tell us matter, and provide you with a summary of the most important Dutch news each day.
Make a donation