BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework

BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable.

Right now, it includes 43 different exploits. Some are public, and others were made specifically for this toolkit.

“The framework allows you to reuse PoCs of different attacks and connect your own hardware with minimal code/configuration needed. The concept is simple and known – vulnerability scanners make use of it, but there was no Bluetooth Classic vulnerability scanner and BlueToolkit solves this problem,” the creator of BlueToolkit told Help Net Security.

The tool works as a black box: it doesn’t need inside access to the device to run tests. If needed, it can also be used in a gray-box way, connecting to the target’s operating system to read Bluetooth logs and reduce false results. To do this, users have to extend the tool and set up that connection themselves.

BlueToolkit automatically downloads all available vulnerability and hardware templates. You can also create custom templates and checks, or add new hardware, by following the BlueToolkit templating guide.

Researchers have already used the framework to find 64 vulnerabilities in 22 cars (Audi, BMW, Chevrolet, Honda, Hyundai, Mercedes-Benz, Mini, Opel, Polestar, Renault, Skoda, Toyota, VW, Tesla).

BlueToolkit is available for free on GitHub.
