A new tool – BLEAH which is used for attacking Bluetooth Low Energy devices is now available for download in evilsocket repository. This can be used for perform sniffing and man in the middle attack.
What makes BLE Vulnerable?
Bluetooth LE is the least secure of all the bluetooth versions. BLE hardwares are designed to be very small in size and work with low powered battery. So they lack so many security features such as channel hopping mechanism and other built in mechanisms. BLEAH takes advantage of these flaws to do MITM attacks, sniffing data packets and writing data to the devices.
How to Install
BLEAH is based on bluepy library, which provides us a python interface to Bluetooth LE on Linux machines. This library is required for BLEAH to work. So first let us install all the dependencies and install bluepy. Execute below commands one by one.
$ sudo apt-get install git build-essential libglib2.0-dev $ git clone https://github.com/IanHarvey/bluepy.git $ cd bluepy $ python setup.py build $ sudo python setup.py install
Now we can install BLEAH
git clone https://github.com/evilsocket/bleah.git cd bleah python setup.py build sudo python setup.py install
To check, execute
Source : https://www.evilsocket.net/2017/09/23/This-is-not-a-post-about-BLE-introducing-BLEAH/