MRMCD 2019


Playing with Bluetooth
2019-09-14 , Mayfair
Language: English

Rolling out patches for Bluetooth firmware is hard for vendors, but it is a lot of fun if you can do it yourself!

This talk covers the current state of our Bluetooth hacking projects related to InternalBlue and Nexmon. We will go into some of the details, but in an entertaining way.

We almost won a code staring contest, because we did not use the right terms to search for leaked source code and hidden symbols. We spent hundreds of Euros on a new smartphone just to see that it announces another firmware version than what is actually inside—and to confirm that the vendor knew about a vulnerability we believed to be undiscovered. We enthusiastically bought the new Raspberry Pi 4, which was announced to have Bluetooth 5.0, but in fact has the same chip as the Raspberry Pi 3+.

Dennis is a Pentester and Security Researcher at ERNW focusing on mobile and embedded security. His fields of interest include firmware reverse engineering, binary exploitation and software defined radios. In his free time he enjoys participating in, and sometimes also hosting, Capture The Flag (CTF) competitions.

PhD student who likes unicorns and hates Bluetooth.