BLE Driving 101

I’m writing this article on my path to becoming a better researcher of IoT devices.

My goal was to build a portable device that I could use to scan for BLE (Bluetooth Low Energy) devices and improve future tasks – like pentesting IoT for clients.

Disclaimer: No harm or malicious activities have been done to any device. Don’t use this type of information to do illegal stuff.

I used bleah (props to evilsocket) to record all the BLE devices seen on a car drive. Keep in mind that BLE has a maximum range of around 100 meters (in open space), but the cheap adapter I used had a range of 20 to 50 meters.

So, first things first, right? Modify my dongle.

I had the HUGE help of kripthor, and we started by disassembling the device and identifying where the antenna was.

We removed the antenna connection and, after a few tries, connected the external antenna from an old IP cam. Because the PCB was too small and the wires could break when plugging the device in, we used the plastic holder from a solder-wire reel as a case to keep it all together, and fixed everything with a Chinese hot-glue gun 🙂

This was the final result.

On the left you have the original dongle and on the right the mean mother f*cker dongle!

What I noticed… better range and signal. I did a couple of tests using my own wearable, and then my friend Paulo entered the scene to hold his watch in an open space.

Original dongle

80 m: not detected

60 m: -117 dBm (sometimes not detected)

30 m: -84 dBm

10 m: -76 dBm

Mean mother f*cker dongle

100 m: -92 dBm

60 m: -84 dBm

30 m: -76 dBm

10 m: -71 dBm
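To turn the readings above into something comparable, here is an added example (my own code, not part of the original post and not bleah) that fits the log-distance path-loss model RSSI(d) = A - 10 n log10(d) to each dongle's measurements by least squares, and then uses the fit to estimate a distance from a fresh RSSI. The distance/RSSI pairs are copied from the lists above; the 80 m "not detected" point has no RSSI and is left out. The model itself, the least-squares fit and the example RSSI of -80 dBm are my assumptions for illustration, not something the post measured.

```python
import math

# Measurements copied from the post as (distance_m, rssi_dbm).
# The original dongle's 80 m point was "not detected", so it has no RSSI
# and cannot enter the fit.
ORIGINAL_DONGLE = [(60, -117), (30, -84), (10, -76)]
MODIFIED_DONGLE = [(100, -92), (60, -84), (30, -76), (10, -71)]


def fit_path_loss(samples):
    """Least-squares fit of the log-distance model (an assumption here):

        RSSI(d) = A - 10 * n * log10(d)

    Returns (A, n): A is the fitted RSSI at 1 m, n the path-loss exponent
    (2.0 is free space; walls, bodies and ground reflections push it up).
    """
    xs = [math.log10(d) for d, _ in samples]
    ys = [float(r) for _, r in samples]
    mx = sum(xs) / len(xs)
    my = sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    slope = sxy / sxx            # = -10 n
    a = my - slope * mx          # intercept at log10(d) = 0, i.e. d = 1 m
    return a, -slope / 10.0


def estimate_distance(rssi, a, n):
    """Invert the model: distance in metres for an observed RSSI."""
    return 10 ** ((a - rssi) / (10.0 * n))


def residuals(samples, a, n):
    """Per-sample error (dB) of the fit; large values flag marginal readings."""
    return [r - (a - 10.0 * n * math.log10(d)) for d, r in samples]


if __name__ == "__main__":
    for label, data in (("original", ORIGINAL_DONGLE), ("modified", MODIFIED_DONGLE)):
        a, n = fit_path_loss(data)
        print(f"{label:9s} A={a:6.1f} dBm @1m  n={n:4.2f}  "
              f"residuals={[round(x, 1) for x in residuals(data, a, n)]}")
        print(f"          -80 dBm => ~{estimate_distance(-80, a, n):.0f} m")
```

With these numbers the modified dongle fits n of about 2.0 (close to free-space propagation) and A of about -49 dBm at 1 m. The original dongle's marginal 60 m reading of -117 dBm drags its exponent up to roughly 4.9; that is the fit telling you the point sat at the edge of detection, which matches the "sometimes didn't detect it" note. Treat any distance you get out of this as a rough bracket for planning a drive, not a measurement.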

Now that I have a better dongle 😀 I added it to my portable configuration:

1x CSR 4.0 Bluetooth adapter

1x Raspberry Pi 2 Model B with an acrylic case (running Raspbian)

1x Powerbank

Devices found

Vendors that allowed connections ✓:

53x Unknown vendors

10x Samsung Electronics Co.

4x Apple

2x Polar Electro Oy

2x Samsung Electro-Mechanics (Thailand)

1x Texas Instruments

1x Google

1x Huawei Technologies Co.

Totalling 74 devices in a 2.4 km car drive across the city. Among the unknown vendors I saw a couple of Chinese wearables, Tiles, a bike GPS, etc.
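A tally like the one above is easiest to reproduce from a scan log rather than by hand. The following is an added example (my code, not the post's and not bleah's output format): it parses a constructed log in a whitespace-separated layout I made up for this example (timestamp, address, address type, RSSI, quoted name, connectable flag), keeps one entry per address with the strongest RSSI, and attributes public addresses to a vendor through an OUI table. The two-entry OUI table is a hypothetical stand-in for the IEEE OUI registry you would load in practice. Random addresses are not looked up at all but classified by their top two bits (static, resolvable private, non-resolvable private), because many phones and wearables advertise with random addresses that carry no OUI by design; that is one reason an "unknown vendor" bucket in a drive like this grows so large.

```python
import shlex
from collections import Counter, namedtuple

# Constructed sample log (not real captures). Columns:
# timestamp  address  address-type  rssi  "name"  connectable
SAMPLE_LOG = """\
# ts                 address            type    rssi name       connectable
2019-03-10T14:02:11  00:11:22:AA:BB:01  public  -71  "GPS-42"   yes
2019-03-10T14:02:13  00:11:22:AA:BB:01  public  -68  "GPS-42"   yes
2019-03-10T14:02:14  C0:11:22:33:44:55  random  -80  ""         no
2019-03-10T14:02:15  5E:AA:BB:CC:DD:EE  random  -88  ""         yes
2019-03-10T14:02:20  00:33:44:12:34:56  public  -90  "Watch"    yes
2019-03-10T14:02:21  3A:01:02:03:04:05  random  -95  ""         no
"""

# Hypothetical OUI -> vendor mapping; replace with the IEEE OUI registry.
OUI_TABLE = {
    "00:11:22": "Example Vendor A",
    "00:33:44": "Example Vendor B",
}

Sighting = namedtuple("Sighting", "ts addr addr_type rssi name connectable")


def random_addr_kind(addr):
    """Sub-type of a BLE random address from the two most significant bits
    of its most significant byte: 11 static, 01 resolvable private,
    00 non-resolvable private (10 is reserved)."""
    top = int(addr.split(":")[0], 16) >> 6
    return {0b11: "static",
            0b01: "resolvable-private",
            0b00: "non-resolvable-private"}.get(top, "reserved")


def parse_log(text):
    """Parse the constructed log format above into Sighting records."""
    sightings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, addr, atype, rssi, name, conn = shlex.split(line)
        sightings.append(Sighting(ts, addr.upper(), atype, int(rssi),
                                  name, conn == "yes"))
    return sightings


def unique_devices(sightings):
    """One record per address, keeping the sighting with the strongest RSSI."""
    best = {}
    for s in sightings:
        cur = best.get(s.addr)
        if cur is None or s.rssi > cur.rssi:
            best[s.addr] = s
    return best


def classify(s, oui_table):
    """Vendor name for public addresses; random sub-type otherwise.
    Only public addresses carry an OUI, so they are the only ones looked up."""
    if s.addr_type == "random":
        return "random/" + random_addr_kind(s.addr)
    return oui_table.get(s.addr[:8], "unknown OUI")


def tally(text, oui_table, connectable_only=False):
    """Count unique devices per vendor/address class, like the post's list."""
    devices = unique_devices(parse_log(text))
    return Counter(classify(s, oui_table) for s in devices.values()
                   if s.connectable or not connectable_only)


if __name__ == "__main__":
    for label, only in (("all devices", False), ("connectable only", True)):
        print(f"{label}:")
        for vendor, count in tally(SAMPLE_LOG, OUI_TABLE, only).most_common():
            print(f"  {count}x {vendor}")
```

Deduplicating by address before counting matters on a drive: the same watch is advertised every few hundred milliseconds and a naive line count turns one device into dozens. Note also that a device rotating resolvable private addresses will still be counted once per address it used, so the random buckets are an upper bound on devices, not an exact count.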

Next step is to check popular areas, e.g. running or bike race events. That would pick up lots of BLE devices.