Bluetooth Classic (BR/EDR) Attacks

Older than BLE, less commonly attacked today, but still present in cars, industrial sensors, audio gear, and legacy enterprise hardware. Many of the well-known historic attacks (BlueSnarf, BlueBug) are mitigated; KNOB and the BlueBorne family remain relevant against unpatched devices.

Quick Workflow

1. Discover devices with hcitool / bluetoothctl / redfang
2. Enumerate exposed services via SDP
3. Test each service profile for unauth access
4. Check pairing crypto (KNOB applicability)
5. Proximity-physical attacks for legacy / unpatched

Discovery