Workshop

Seasides 2025 Edition

Mastering IoT Exploitation: Advanced Hardware and Bluetooth Security

This course focuses on IoT exploitation with a major emphasis on hardware hacking, Bluetooth
vulnerabilities, and hardware security. Participants will engage in hands-on techniques to
exploit, analyze, and secure IoT hardware.

IoT and Hardware Security Modules

Module 1: Introduction to IoT and Hardware Security

  • 1.1 Overview of IoT Ecosystem
    • Common IoT architectures and communication protocols
    • Attack surfaces in IoT devices
  • 1.2 Introduction to Hardware Security
    • What is hardware security?
    • Key security threats to hardware devices
  • 1.3 Basics of Hardware Hacking
    • IoT device teardown, tools, and best practices
    • Common interfaces (UART, JTAG, SPI, I2C)

Module 2: Hardware Hacking Techniques and Exploits

  • 2.1 UART and JTAG Exploitation
    • Tools and methods for interfacing with hardware
    • Lab: Gaining root access via UART
  • 2.2 Memory Dumping
    • Extracting data from memory interfaces
  • 2.3 Debug Port Exploitation
    • Exploiting hidden debug ports to bypass authentication
    • Lab: Debug port exploitation
  • 2.4 ICE-Bite for Hardware Security
    • Overview of ICE-Bite: A solderless testing tool
    • Lab: Using ICE-Bite for testing PCBs without soldering
    • Microprobing with ICE-Bite for secure PCB handling
    • Cost-effective, open-hardware design for IoT device inspection

Module 3: Advanced Hardware Security and IoT Exploitation

  • 3.1 Bootloader Security
    • Attacking and bypassing secure boot features
    • Lab: Bootloader exploitation
  • 3.2 Physical Tampering and Tamper Protection
    • Mitigating physical attacks on IoT hardware
  • 3.3 Advanced Hardware Security Solutions
    • Implementing security at the hardware level
  • 3.4 Side-Channel Attacks
    • Techniques such as voltage and clock glitching
    • Lab: Exploiting side-channel vulnerabilities
  • 3.5 Final Project: Comprehensive IoT Exploitation and Security Testing

Module 4: Bluetooth Hacking

  • 4.1 Bluetooth Protocol Overview
    • BLE vs Classic Bluetooth: Power consumption and data rate differences
    • Bluetooth Security Models: Pairing, bonding, encryption, and security gaps
    • Bluetooth Core Specifications: Improvements in 5.0 and 5.2 for security
    • Tools: hcitool, gatttool, Wireshark, Ubertooth One for analysis and monitoring
  • 4.2 Reconnaissance and MITM Attacks on Bluetooth
    • Bluetooth Reconnaissance: Scanning and identifying devices using tools like bettercap
    • Passive Attacks: Listening to Bluetooth traffic with Ubertooth One and Wireshark
    • Active Attacks: Spoofing and eavesdropping on communications
  • 4.3 Advanced Bluetooth Exploits
    • Exploiting Pairing: Attack LE Secure Connections, exploit weak setups, and crack the LTK
    • Fuzzing Bluetooth: Crash or overflow Bluetooth stacks using InternalBlue or fuzzers
    • Zero-Click Exploit (CVE-2023-45866): Exploitation without user interaction, with a simulated attack
    • Attacking Smart Devices: Reverse-engineer protocols and exploit pairing flaws
  • 4.4 Infamous Bluetooth Bugs and Open-Source Library Exploits (time permitting)
    • BlueBorne: Exploit vulnerabilities in Android, Windows, Linux, and iOS devices
    • KNOB Attack: Reduce encryption key strength during pairing and intercept data
    • Open-Source Libraries: Analyze Bluetooth libraries for vulnerabilities
    • BrakTooth: Understanding the attack in depth
  • 4.5 CTF

Prerequisites:

  • Basic electronics and embedded systems knowledge
  • Familiarity with wireless communications

CTF winners get swag and a training kit from IOTSRG.

Laptop with:

  • Wi-Fi capabilities
  • At least 4 GB RAM free
  • Admin rights
  • Virtualization software installed (VMware, VirtualBox)
  • Ubuntu-like OS on host, if not planning to use a VM

Participants will gain hands-on experience in exploiting and securing IoT devices, focusing on
hardware security, Bluetooth vulnerabilities, and best practices for safeguarding devices.