WS - 9

Dissecting and Exploiting BLE Devices 101



Workshop Objective:

Dissecting and Exploiting BLE Devices 101 is built for anyone who wants to get started with BLE security testing, understanding the BLE internals and the packet format of Bluetooth Low Energy devices, which helps attendees understand, enumerate and exploit BLE smart devices.

During the class, attendees will practically analyse packets in real time and understand the stack layers, packet format, types of request, security modes, etc. With the gained knowledge, attendees will practically exploit well-known BLE devices.

After the session, attendees will have an understanding of the various tools and will be able to enumerate, analyse packets and identify vulnerabilities in BLE smart devices.

Course Content (ToC):

  • Bluetooth Course Outline:
    • Introduction to Bluetooth Low Energy
    • Dissection of BLE Communication
    • BLE Security Features
    • BLE Exploitation
  • BLE Kick Start
    • Bluetooth History
    • BLE vs ZIGBEE vs WIFI
    • LMP Version
    • Classic vs Smart Ready vs Smart
  • Understanding BLE stack (With Demo)
    • Physical Layer - Channel, Frequency
    • Link Layer
      • Introduction to Link Layer
      • Link Layer Packet Format
      • Advertisement PDU - Directed, Undirected
      • Enumerating Advertisement PDU - Demo
      • BLE Scanning PDU - Active, Passive
      • Enumerating Scanning PDU - Demo
      • Connection / Initiating PDU
    • L2CAP
    • SMP - All about Security
      • Introduction to SMP
      • BLE Security - 4.1 vs 4.2
      • Security Features - Encryption, Integrity, Privacy
      • BLE Pairing Methods
      • Pairing Process - Demo
      • Dissection of Pairing Packet
      • BLE Security Modes
    • GATT
      • GATT - Services, Characteristic, Profiles
      • Packet Analysis
  • Analysing BLE Devices
    • Introduction to HCI tools and discover devices
    • Interacting with BLE device - Bluetoothctl
    • Enumeration of BLE devices - open source scripts and tools
    • Exploring gatttool
    • Read / write device using gatttool
    • Writing custom value to handle - DEMO / Analyse
    • Analysing the HCI log from host machine
  • Exploiting BLE Devices
    • GATTACKER - Introduction
    • Gattacker - Capture / Modify / Replay Packet
    • BTLE Juice - Introduction
    • MITM using BTLE Juice - DEMO
    • BLE exploitation with Python script
    • Python Library and Setup for Bluetooth
    • Understanding pygatt/pybluez functions
    • Exploit Device using Automation
  • Conclusion
    • Q & A
    • Additional discussion
    • Different type of approach and secure implementation technique
    • Sharing our experience from previous BLE pen-testing engagements

Pre-requisites:

  • Basic understanding of BLE concepts
  • Knowledge on Linux OS and commands
  • Basic knowledge of programming - Python

Pre-requisite Material

  • Laptop with at least 25 GB Free space and 8 GB of RAM
  • Administrator level privilege
  • External USB access
  • Virtualisation software - VirtualBox / VMware


  • Course material and slides
  • VM with Tools required for BLE testing
  • Hardware to use in class - smart watch, smart bulb, beacon, baggage tracker, etc.

Who should attend:

  • Security Enthusiasts
  • IoT security Pen-testers
  • Web/mobile application pentesters
  • Embedded Developers
  • Security Architects

What to expect:

  • Hands-On lab
  • Getting familiar with BLE packet format and stack
  • Getting familiar with BLE security and the mitigations
  • A kick start for pen-testing BLE devices
  • Use the knowledge gained in the training to sharpen your skills on BLE security

What not to expect:

  • Becoming a BLE security expert in a day.


  • Multiple spike busters (power strips) for laptops and devices
  • Both trainee and trainer need internet access

Speaker Profile:

Nalla Muthu S, Senior Cyber Security Analyst, Honeywell

Nalla Muthu is a security enthusiast who strongly believes in understanding the basic concepts rather than just exploiting. He has immense knowledge of security testing, with more than 5 years of experience in the field of cyber security and solid knowledge of web application, mobile, thick client, reverse engineering and Bluetooth security testing, as well as secure implementation techniques. His knowledge of Python has helped him build many automation scripts for security testing of web, thick client, firmware, mobile and Bluetooth targets. He holds the OSWP, OSCP and OSCE certifications from Offensive Security. He is an active speaker at NULLCON, Chennai and wrote a blog on exploiting Android services and broadcast receivers on Medium. He shares his personal cyber security research knowledge on

Mounish P, Cyber Security Analyst, Honeywell

Mounish is an electronics engineer with a solid background in the field and many personal and professional experiments with micro-controllers. After time in the electronics industry as an embedded systems engineer, he made a career move towards hardware and IoT security. He has researched extensively on serial interfacing techniques and on exploiting communication protocols such as ZigBee, Z-Wave and BLE. He wrote a blog on exploiting a BLE smart bulb, and his BLE-related tools can be found on GitHub. He is an active speaker at local IoT chapters and embedded device development meetups.
