Posts

E-Spoofer paper at WiSec'23

Marco Casagrande presented at WiSec'23 our paper titled: E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem.

In a nutshell, we reverse-engineered the proprietary wireless protocols used by Xiaomi e-scooters and their companion applications (i.e., Mi Home) over BLE, found critical vulnerabilities, exploited them to get arbitrary read and write capabilities on an e-scooter both in proximity and remotely (via a malicious Android app), developed concrete countermeasures, released a toolkit to reproduce our findings and tamper with the protocols, and responsibly disclosed our results to Xiaomi.

BreakMi paper presented at IACR CHES'22

We presented our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem at CHES 2022 in the hardware security track.

Here is the excellent presentation given by Marco Casagrande. You can also check out the presentation slides and the BreakMi repository to reproduce our findings (with the help of video tutorials nicely prepared by Marco).

BLURtooth video, new CVE, and GH repo

I’m glad to share three updates about the BLURtooth paper.

We successfully tested the BLUR attacks on a Google Pixel 6 (Bluetooth 5.2) and submitted our findings to Google. They classified the report as high severity, assigned CVE-2022-20361, and shipped fixes as part of August’s Android Security Bulletin. More details about the fixes can be found here. This is yet another finding demonstrating that the attacks are effective on all Bluetooth versions supporting CTKD, contrary to what is stated in this note from the Bluetooth SIG.

On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats Video

Below you can find a webinar that I’ve recorded for the Automotive Security Research Group (ASRG) talking about our recent paper titled On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats.

The webinar will also be linked from WOOT'22, as the talk I gave at the workshop was not recorded because of technical issues.

BreakMi Paper and Repo

I am glad to share that our paper titled BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem is publicly available here. In this work, we reverse-engineer, exploit, and fix the proprietary security protocols used by Xiaomi to secure the Bluetooth Low Energy communication between its trackers and smartphone applications. We also release BreakMi, a tool to reproduce our findings and perform further analyses on Xiaomi’s fitness tracking ecosystem. We also evaluated BreakMi on the Fitbit ecosystem and found that most of the vulnerabilities and attacks presented for Xiaomi are portable to the Fitbit ecosystem with minor adjustments.

CFP: JSys System Security

The Journal of Systems Research (JSys) is a new journal with a diamond-access publication model; that is, papers are free to read, submit, review, and publish. Its design borrows heavily from similar journals recently created in the databases, security, and crypto communities.