Introducing new, free #Bluetooth Low Energy hardware-less HackMe - your go to for mastering #BLE #security #hacking basics hands-on with just a standard Win10 laptop and Android phone. Info: MS store: source:

@CayreRomain @ghidraninja Yes, it was nice work, the eLink has interesting vulnerabilities. It was later also presented by @cyberMilosz If you still need more samples I have dozens of vulneraBLE smart locks: auth based on MAC, static hardcoded pass, plain text, '001122..' AES,...

@CayreRomain @0K_ultra I like for example Nuki - for the open specification of all their communication protocols No need for reversing to check the security, and there are several open source integrations.

@a66ot @herrmann1001 (browsing Kickstarter history...) Yep, of course I backed it up. But usually others beat me at the job - before I even unpack...

RT @marcnewlin: I decided to release the PoC scripts ahead of my ShmooCon talk. Happy Hacking :)

@jilles_com @OoijenBas @doegox Sure I'm staying for the conference, also love your CTFs by the way!

@jilles_com @OoijenBas Thanks Jilles, hope to meet you in Hague again!

@marunmagesh Thanks Arun!

🛡️ Join my 🚀 action packed hands-on @hardwear_io #Bluetooth #BLE #security assessment #training to master #IoT devices #pentesting! 📦 Included 📱 phone 🍓 raspberry pi 🕵️ sniffers 🔓 smart locks zero days 💣👾 ⏰Seats are filling fast, enroll ASAP!

RT @hardwear_io: 📟Get familiar on how BLE works in practice by controlling your dedicated training device! 💡Slawomir @slawekja is here to…

RT @hitbsectrain: Explore BLE advertisements, connections, sniffing, and remote relay attacks with @slawekja at #HITB2023HKT! Join us to en…

RT @hardwear_io: New Training alert! 🧬Fingerprinting, sniffing, MITM, etc., the possible attacks you will find out in the Bluetooth Low ene…

@mherfurt @pascal_gujer @smartlockpick Yes that was also my first guess when I saw this. I don't think the owner left a phone as article mentions he sent a message to the "thief". But maybe he just left the keyfob inside?

RT @Kevin2600: I just wrote an article regarding to BLE relay attack on smart cars. Not much of new stuff, but tested on multiple cars, and…

@mame82 @mherfurt Hi Marcus, thanks! Sorry for delay, I've been offline. Yes, I'm aware of @mherfurt work, I was able to remotely relay Tesla as well. Yes, relay requires 2 devices, but BLExy could be used for other Martin's attacks against Tesla (counter confusion, auth extract/replay...)

@Kevin2600 @mherfurt It took me a few tries before I figured how to trigger the proximity auto unlock (without owner's app interaction). Looks like the car has several antennas measuring the RSSI from which side you approach.

@KimZetter @Tesla @Kevin2600 @CarHackVillage No worries, no pressure at all, it's not urgent :)

@KimZetter @Tesla @Kevin2600 @CarHackVillage Main diff of the dumps at first look is that pm3 sniffs the whole ISO14443 (current research dump) and phone (NFCGate, 2020 dump) just ISO7816 - a few bytes shorter on "head"/"tail". But AID, APDUs (at least start) look the same. A few more links in CVE

RT @zh4ck: Only at a hacker conference like @HITBSecConf where @sergeybelove scans an NFC Mifare business card from @slawekja via a Flipper…