Since our last update, the Bluetooth team has made progress on hitting our devices with L2ping. We have also received communication from Btlejuice’s creator to help us solve some of the problems we encountered. We learned that Btlejuice is optimized to run using the Google Chrome web browser, so we worked on getting Chrome installed on one of our Kali laptops. We were unsuccessful in getting Chrome installed, but were able to get its counterpart, Chromium installed. However, running the web interface on the new browser still has not solved our connection problems within Btlejuice. In the coming weeks, we hope to have further correspondence with the creator of Btlejuice, attempting to troubleshoot these issues.
Exploitation Phase Update
Continuing with the ’l2ping’ comand, our team further exploited more of the devices that were listed in our earlier blogs. Most notably our Fitbit Surge was able to be exploited with an exciting post-exploitation problem. The device was not able to receive the ping packets while paired or not in pair mode, but it was able to receive the packets in pair mode. On the first attempt the Surge automatically restarted itself after a flood of roughly 300 packets. The same steps were taken in the second flood but the Surge never restarted this time. Instead the flood was cancelled and the Surge allowed to pair. Once paired, the Surge was vulnerable to ping floods at any time even when not in pair mode! The issue could be resolved with a manual restart but if a consumer was unaware, then their device could be jammed at any time.
IoT Devices (Wink/Schlage Deadbolt)
In a previous semester the team has the Schlage Deadbolt which was exploited last semester here at the LCDI. This semester, we are hoping to probe more into this device in an attempt to disrupt the Bluetooth connection between the phone and lock, thereby hindering the lock from being unlocked.
New to our device collection, we have acquired a WinkHub and will try to see what sort of information can be gathered or altered from it when it is communicating with a manner of other bluetooth devices.
As the team returns from Spring Break, we plan to finish our l2ping work and continue correspondence with Btlejuice’s creator to resolve our issues with Btlejuice. Now that we have obtained the Schlage lock that was successfully exploited last semester, we can check to see if Btlejuice is failing with all devices or if the Schlage is in some way different from all our other devices. Lastly, we hope to utilize the WinkHub to see if we can exploit various bluetooth devices from the centralized hub.
Questions or comments? Please share with us in the comment section below! You can also reach out to our Twitter and Facebook or email us at firstname.lastname@example.org. Also don’t forget to read our Blogs!