Wireless & Radio
Wireless and radio penetration testing covering BLE/Bluetooth Low Energy, Zigbee, and other RF protocols. Device discovery, protocol enumeration, security assessment, and exploitation for IoT and embedded systems.
Wireless and radio pentesting targets BLE, Zigbee, and other RF protocols used in IoT devices, smart locks, wearables, and industrial systems. Testing follows a methodology similar to network pentesting: discovery, enumeration, security assessment, and exploitation.
Wireless Pentesting Methodology
The wireless assessment workflow typically follows:
- Discovery — Identify devices advertising or transmitting in range (scan, passive capture)
- Enumeration — Map services, characteristics, and protocol structure (GATT for BLE)
- Security Assessment — Evaluate pairing, encryption, and access control
- Exploitation — Replay attacks, unauthenticated access, MITM when applicable
- Reporting — Document findings with risk ratings and remediation guidance
Hardware: Many wireless tests require specialized hardware (e.g., CC1352/CC2652 dongles for BLE sniffing, Ubertooth, SDR). Ensure appropriate adapters are available before engagement.
In this section
- BLE / Bluetooth Low Energy
  BLE and Bluetooth Low Energy penetration testing guide covering device discovery, GATT enumeration, security mode assessment, traffic capture with Sniffle, and exploitation techniques for IoT devices, smart locks, wearables, and BLE-enabled systems.