As a Bluetooth guy, and as someone who just posted a bunch of DEFCON 27 stuff, I feel compelled to say something about the Key Negotiation of Bluetooth Attack (aka KNOB) which has been getting a lot of attention the past few days.
Here’s the actual paper from the USENIX Security Symposium.
Here’s a higher level overview of how the attack works.
Also of interest, also from USENIX, also getting some media attention: “Please Pay Inside: Evaluating Bluetooth-based Detection of Gas Pump Skimmers“. What’s cool about this is that the authors have developed Bluetana, an Android app that scans for Bluetooth devices in the area (every five seconds), displays a list of devices it found, and highlights ones that show characteristics similar to those of Bluetooth skimmers.
I’m fascinated by both of these papers, just based on a preliminary skimming. I’m hoping to do a detailed reading at that mythical point in the future when I have more free time…