Reversing IoT devices is usually fun. During lockdown, I decided to hack AND stay fit with a connected jump rope (a rope which automatically counts how many loops you did, how long you jumped, etc.).
The hack is interesting in 2 different aspects:

1. This work can be applied to most Bluetooth Low Energy (BLE) devices. I have previously reversed a smart toothbrush (Troopers 2018), a connected glucose sensor and a smart coffee maker: in each case, we can use more or less the same methodology... without having to sniff BLE!

2. Providing Bluetooth Capture The Flag (CTF) challenges. Ph0wn is a CTF event on the French Riviera. It focuses on IoT, and therefore we are always looking for new, intriguing and not too expensive connected objects to hack. Unfortunately, there are several issues when deploying BLE devices: connection issues, and ensuring flags cannot be stolen. The talk explains the solutions I chose.