BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Exploiting Bluetooth - from your car to the bank acc
 ount$$\n   When: Friday\, Aug 9\, 17:30 - 18:15 PDT\n   Where: LVCC West/F
 loor 1/Hall 1/Track 3 - [1]Map\n\n   Description:\n\n   Over the past deca
 de\, infotainment systems have experienced a growth\n   in functionality\,
  broader adoption\, and central incorporation into\n   vehicle architectur
 e. Due to the ever-growing role of wireless\n   protocols such as Bluetoot
 h and a known lack of patches alongside the\n   difficulty of patch instal
 lation\, this poses a new attack surface and\n   a genuine threat to the u
 sers. Meanwhile\, the tools and methodologies\n   required for testing are
  scattered across the Internet\, absent and\n   need a rigorous setup.\n\n
    In this talk\, we share a comprehensive framework BlueToolkit to test\n
    and replay Bluetooth Classic vulnerabilities. Additionally\, we release
 \n   new exploits and a privilege escalation attack vector.\n\n   We show 
 how we used the toolkit to find 64 new vulnerabilities in 22\n   modern ca
 rs and the Garmin Flight Stream flight management system used\n   in sever
 al aircraft types. Our work equips hackers with insights and\n   necessary
  information on novel vulnerabilities that could be used to\n   steal info
 rmation from target cars\, establish MitM position or\n   escalate privile
 ges to hijack victims’ accounts and MFA codes\n   stealthily.\n\n   Over
 all\, we show vulnerabilities in cars\, aircraft and smartphones. We\n   b
 elieve our research will be beneficial in finding new vulnerabilities\n   
 and making Bluetooth research more accessible and reproducible.\n\n   Refe
 rences:\n\n     * BlueToolkit - Bluetooth Classic vulnerability testing fr
 amework\n       link (all exploits will be uploaded after 9th of August)\n
 \n     * MapAccountHijack - Tool that allows hijacking services by\n      
  exploiting widely used Bluetooth Classic functionality link - [2]link\n  
      (accessible after 9th of August)\n\n     * D. Antonioli and M. Payer.
  On the insecurity of vehicles against\n       protocol-level bluetooth th
 reats. In 2022 IEEE Security and\n       Privacy Workshops (SPW)\, pages 3
 53–362\, Los Alamitos\, CA\, USA\,\n       May 2022. IEEE Computer Socie
 ty.\n\n     * Cross-Sectional Analysis of the Bluetooth Stack of Modern Ca
 rs -\n       (The link will be updated)\n\n     * Wenjian Xu. Stealthily A
 ccess Your Android Phones: Bypass The\n       Bluetooth Authentication. li
 nk\, 2020.\n\n     * Tyler Tucker\, Hunter Searle\, Kevin Butler\, and Pat
 rick Traynor.\n       Blue’s clues: Practical discovery of non-discovera
 ble bluetooth\n       devices. In 2023 IEEE Symposium on Security and Priv
 acy (SP)\,\n       pages 3098–3112\, 2023.\n\n     * Maximilian von Tsch
 irschnitz\, Ludwig Peuckert\, Fabian Franzen\, and\n       Jens Grossklags
 . Method confusion attack on bluetooth pairing. In\n       2021 IEEE Sympo
 sium on Security and Privacy (SP)\, pages\n       1332–1347\, 2021.\n\n 
     * Daniele Antonioli\, Nils Ole Tippenhauer\, and Kasper Rasmussen. The
 \n       KNOB is Broken: Exploiting Low Entropy in the Encryption Key\n   
     Negotiation of Bluetooth BR/EDR. In USENIX Security Symposium\n       
 (SEC)\, August 2019\n\n   Speakers:Vladyslav Zubkov\,Martin Strohmeier\n\n
    SpeakerBio:  Vladyslav Zubkov\, Bug Bounty Hunter\n\n   Vladyslav Zubko
 v (aka yso and schwytz) is a bug bounty hunter. He is\n   consistently amo
 ng the top hackers at live hacking events organized by\n   Meta\, Intel\, 
 Louis Vuitton\, Intigriti and YesWeHack. His interests\n   include vulnera
 bility research\, application security\, red teaming\, bug\n   bounty hunt
 ing\, developing tools and proactively securing systems.\n\n   SpeakerBio:
   Martin Strohmeier\, Senior Scientist at Cyber Defence\n   Campus\n\n   M
 artin Strohmeier is a Senior Scientist at the Swiss Cyber Defence\n   Camp
 us\, where he is responsible for vulnerability research programmes\n   int
 o aircraft\, satellites and cars. His work was published in all\n   major 
 systems security conferences\, totalling more than 100\n   publications to
  date. He has also spoken previously at the DEFCON\n   Aerospace Village a
 nd co-organized CTFs there.\n\n   '\n\n   1. #LVCCW_Level1_Hall1\n   2. ht
 tps://github.com/sgxgsx/mapAccountHijack\n\n\n
DTEND:20240810T011500Z
DTSTART:20240810T003000Z
LOCATION:DC - LVCC West/Floor 1/Hall 1/Track 3
SUMMARY:Exploiting Bluetooth - from your car to the bank account$$
END:VEVENT
END:VCALENDAR
