Major Bluetooth Vulnerability

Bluetooth has a serious security vulnerability:

In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all device messages, and/or forge and inject malicious messages.

Paper. Website. Three news articles.

This is serious. Update your software now, and try not to think about all of the Bluetooth applications that can't be updated.
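The advisory quoted above comes down to one missing step: a receiving device used the other party's ECDH public key without first checking that it is a legitimate point on the agreed curve. The following is an added example, not code from the post or from any Bluetooth stack, showing the full public-key validation a recipient should perform before computing a shared secret. It uses the standard P-256 (secp256r1) domain parameters, a pure-Python point addition for illustration only, and constructed inputs: a genuine key derived from a fixed test scalar, and the same key with its y-coordinate altered, which is the kind of "invalid public key" the advisory describes.

```python
# Added example: full ECDH public-key validation (NIST SP 800-56A style checks).
# Not part of the original post or of any vendor's Bluetooth implementation.

# P-256 / secp256r1 domain parameters (standard values).
P  = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A  = P - 3
B  = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N  = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

INF = None  # point at infinity, the group identity


def _add(p1, p2):
    """Affine point addition / doubling on y^2 = x^3 + A*x + B mod P."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:      # p1 == -p2, so the sum is the identity
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # addition
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    result = INF
    addend = point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def validate_public_key(x, y):
    """Return True only if (x, y) is a safe ECDH public key on P-256.

    Checks, in order:
      1. both coordinates lie in [0, P-1];
      2. the point satisfies the curve equation (this is the check the
         advisory says some implementations skipped, and it must cover
         BOTH coordinates);
      3. N * Q is the identity (redundant on a prime-order curve once
         check 2 holds, but cheap insurance against a wrong curve).
    """
    if not (0 <= x < P and 0 <= y < P):
        return False
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return False
    if scalar_mult(N, (x, y)) is not INF:
        return False
    return True


def demo():
    """Constructed scenario: a genuine key is accepted, a tampered one is not."""
    k = 0x1234567890abcdef  # constructed test scalar standing in for a private key
    qx, qy = scalar_mult(k, (GX, GY))
    genuine_ok = validate_public_key(qx, qy)
    # Same x, altered y: off the curve, so the check must reject it.
    tampered_ok = validate_public_key(qx, (qy + 1) % P)
    return genuine_ok, tampered_ok


if __name__ == "__main__":
    print("genuine accepted, tampered accepted:", demo())  # (True, False)
```

The point of the demo is that a check on the x-coordinate alone would pass both keys; only evaluating the curve equation on the full point catches the altered one. A production stack should use its crypto library's own validation routine and constant-time arithmetic; this block exists to make the missing check concrete.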

Posted on July 25, 2018 at 2:08 PM • 24 Comments

Comments

Not too concerned • July 25, 2018 2:31 PM

"Don't Panic!" The last time I paired a device was when I got a new vehicle. Before that... I don't remember.

Sure you could be hacked, but the odds of someone being close enough WHILE you are performing an operation that takes maybe a minute seem awfully small.

Interface Bias • July 25, 2018 2:38 PM

"Update your software now, and try not to think about all of the Bluetooth applications that can't be updated."

I wonder how many women lying in bed next to their husbands have that exact same thought.....

keithzg • July 25, 2018 3:13 PM

I do enjoy that as time goes on, the movie-style hacking stuff in Person Of Interest that kept the action moving along manages to retroactively seem quite plausible.

> Sure you could be hacked, but the odds of someone being close enough WHILE you are performing an operation that takes maybe a minute seem awfully small.

I wonder if DoS attacks could be done though to force users to attempt to re-pair, or perhaps even some automatic re-pairing? Still a very localized attack then, of course, but then it could be done on demand, much like ARP replay for WEP or deauth packets for WPA.

Hmm • July 25, 2018 3:23 PM

"but the odds of someone being close enough WHILE you are performing an operation"

Depends more on the prevalence of the attack in the wild, more than anything else right?

Marc • July 25, 2018 4:07 PM

>> Sure you could be hacked, but the odds of someone being close enough WHILE you are performing an operation that takes maybe a minute seem awfully small.

Not directly related to this attack, but: a few months ago, I was sitting in a cafe listening to a podcast on my Bluetooth earbuds when I got the "Your battery is low. Please recharge." message. (Side rant: why do they make the warnings so damn verbose? It covers at least five seconds of audio; a single beep would give the same information and not piss me off every time.) I plugged the buds into my USB adapter and pulled out my spare pair - but when I turned them on, I heard smooth R&B instead of "WTF with Marc Maron".

It turned out that a lady a few tables away was struggling to pair her Apple Watch with her iPhone just at that moment, AND my spare earbuds wake up in pairing mode - though I normally have to sacrifice a goat to get a Bluetooth device to pair with anything.

I'm not sure we even NEED a deliberate attack; like all inanimate objects, BT devices hate us and are out to get us anyway.

65535 • July 25, 2018 4:19 PM

There is an interesting list of “Affected” devices and Microsoft is not affected [on all products?].

Apple: Affected
Broadcom: Affected
Google: Affected
QUALCOMM Incorporated: Affected
Microsoft: Not Affected
RSA Security LLC: Not Affected
Bluetooth SIG: Unknown
Linux Kernel: Unknown

see:
Vulnerability Notes Database

https://www.kb.cert.org/vuls/id/304725

I would assume that Microsoft would be affected because of its wide use of Intel chips. Now, maybe Microsoft's OS is not affected but the Intel chips associated with the key exchange would be. How odd.

Wade • July 25, 2018 4:26 PM

>> Sure you could be hacked, but the odds of someone being close enough WHILE you are performing an operation that takes maybe a minute seem awfully small.

Location context might dramatically increase the odds. I can imagine someone wiring a remote device into a rental car, where users frequently pair their phones to the infotainment system.

Hmm • July 25, 2018 4:53 PM

Nobody would have any way of detecting it. It's a wide swath of manufacturers.
Those factors would make it extremely useful to certain groups given the ubiquity of BT.

We remember the Dual-EC campaign, what if this was also known about "in circles" before now?

As for "10-30 meter" range claimed, class 1 can do a fair sight more than that.

"By soldering on an external antenna cable, the range of a Bluetooth Class 1 dongle can be extended, allowing an attacker to connect to class 2 devices (intended for a range of 10 meters) from a range of over a mile."

Charles • July 25, 2018 5:00 PM

Apparently the mitigation for this in the standard is to renegotiate keys, which doesn't help. So already-paired devices could be vulnerable.

Also, from the researcher:
"Notice that they list Microsoft as "not affected" because Microsoft implements an old version of the standard, which is even less secure, rather than the broken contemporary standard."

echo • July 25, 2018 8:12 PM

So this is a compromised pairing issue? Oh, no big deal in the real world then.

Jane • July 25, 2018 8:49 PM

Where does it say this is only a pairing issue???

"...inject an invalid public key to determine the session key with high probability.... then passively intercept and decrypt all device messages"

That doesn't sound like it only affects pairing to me....

Hmm • July 25, 2018 9:01 PM

Pairing is the hook of this particular attack on parameters. They get data ongoing after that.

It also implies other attacks are possible.

65335 • July 26, 2018 12:36 AM

@ echo and Hmm

I am not so sure that pairing or bonding is a small issue for early or pre v2.1 Bluetooth devices. Bluetooth is a corner of the security field I don't know much about.

Some people have said the Paris Hilton nude photos were due to a Bluetooth attack or a leak at the mobile phone company. Who knows. I don't use Bluetooth but I guess the man-in-the-middle attacks or stingray attacks are somewhat similar.

[Wikipedia]

“Pairing and bonding
“Pairing mechanisms changed significantly with the introduction of Secure Simple Pairing in Bluetooth v2.1. The following summarizes the pairing mechanisms: “Legacy pairing: This is the only method available in Bluetooth v2.0 and before. Each device must enter a PIN code; pairing is only successful if both devices enter the same PIN code. Any 16-byte UTF-8 string may be used as a PIN code; however, not all devices may be capable of entering all possible PIN codes.” -Wikipedia

“Security concerns
“Prior to Bluetooth v2.1, encryption is not required and can be turned off at any time. Moreover, the encryption key is only good for approximately 23.5 hours; using a single encryption key longer than this time allows simple XOR attacks to retrieve the encryption key.”- wikipedia

https://en.wikipedia.org/wiki/Bluetooth#Pairing_and_bonding

and

https://en.wikipedia.org/wiki/Mobile_security#Attacks_based_on_communication_networks

“Principle of Bluetooth-based attacks
“Security issues related to Bluetooth on mobile devices have been studied and have shown numerous problems on different phones. One easy to exploit vulnerability: unregistered services do not require authentication, and vulnerable applications have a virtual serial port used to control the phone. An attacker only needed to connect to the port to take full control of the device.[23] Another example: a phone must be within reach and Bluetooth in discovery mode. The attacker sends a file via Bluetooth. If the recipient accepts, a virus is transmitted. For example: Cabir is a worm that spreads via Bluetooth connection.[13] The worm searches for nearby phones with Bluetooth in discoverable mode and sends itself to the target device. The user must accept the incoming file and install the program. After installing, the worm infects the machine.” -Wikipedia

[See bottom of section and Bluetooth]

https://en.wikipedia.org/wiki/Mobile_security#Attacks_based_on_vulnerabilities_in_software_applications

“Any device with its Bluetooth connection turned on and set to "discoverable" (able to be found by other Bluetooth devices in range) may be susceptible to Bluejacking and possibly to Bluesnarfing if there is a vulnerability in the vendor's software. By turning off this feature, the potential victim can be safer from the possibility of being Bluesnarfed; although a device that is set to "hidden" may be Bluesnarfable by guessing the device's MAC address via a brute force attack. As with all brute force attacks, the main obstacle to this approach is the sheer number of possible MAC addresses. Bluetooth uses a 48-bit unique MAC Address, of which the first 24 bits are common to a manufacturer.[1] The remaining 24 bits have approximately 16.8 million possible combinations, requiring an average of 8.4 million attempts to guess by brute force. Attacks on wireless systems have increased along with the popularity of wireless networks. Attackers often search for rogue access points, or unauthorized wireless devices installed in an organization's network and allow an attacker to circumvent network security. Rogue access points and unsecured wireless networks are often detected through war driving, which is using an automobile or other means of transportation to search for a wireless signal over a large area. Bluesnarfing is an attack to access information from wireless devices that transmit using the Bluetooth protocol. With mobile devices, this type of attack is often used to target the international mobile equipment identity (IMEI). Access to this unique piece of data enables the attackers to divert incoming calls and messages to another device without the user's knowledge.”- Wikipedia

https://en.wikipedia.org/wiki/Bluesnarfing

“Bluebugging manipulates a target phone into compromising its security, this to create a backdoor attack before returning control of the phone to its owner. Once control of a phone has been established, it is used to call back the hacker who is then able to listen in to conversations. The Bluebug program also has the capability to create a call forwarding application whereby the hacker receives calls intended for the target phone… further development of Bluebugging has allowed for the control of target phones through Bluetooth phone headsets, It achieves this by pretending to be the headset and thereby "tricking" the phone into obeying call commands. Not only can a hacker receive calls intended for the target phone, he can send messages, read phonebooks, and examine calendars.”-wikipedia

https://en.wikipedia.org/wiki/Bluebugging

I would like to hear from somebody knowledgeable about Bluetooth security and how to know when one is using a Bluetooth v2.1 device and the related risks. I am guessing that scamming Bluetooth is about as easy as a fake radio AP device as a man in the middle, or the stingray spoofing attacks that are documented. Any Bluetooth experts out there care to speak up?


[note]: some urls may not word wrap correctly and you will have to make the corrections.

Hmm • July 26, 2018 1:23 AM

@65335

I haven't used it ever since it was shown in something like 2001 to be garbage.
Somehow I was able to live comfortably enough without it.

I skimmed the wiki to refresh my memory and it's even worse than I remember, in the initial versions the keypairs were super short lived such that after 24 hours you were basically broadcasting in the clear. 20 years later and now they don't need to wait.

#progress


jer • July 26, 2018 1:54 AM

> Sure you could be hacked, but the odds of someone being close enough WHILE you are performing an operation that takes maybe a minute seem awfully small.

This is when all of the hacked BT enabled IoT devices around you strike.

Hendrik • July 26, 2018 3:15 AM

> It turned out that a lady a few tables away was struggling to pair her Apple Watch with her iPhone just at that moment, AND my spare earbuds wake up in pairing mode - though I normally have to sacrifice a goat to get a Bluetooth device to pair with anything.

It's even more "fun" to switch pairing, i.e. when I move from the desktop in the study to the laptop in the next-door room with my noise-cancelling headset.... I'm not even mentioning BT mouse/keyboards (that bitten fruit variety)

But back on topic: which 2.4GHz based RF protocol(s) have not been shown to be faulty/buggy/holey/etc.?
/me looks at his collection of drones

I recall a Cryptogram article stating the issue about security vs convenience/costs/etc. and Bluetooth is that one where the user's experience and "returns"/support costs was valued way, way higher than anything security related... I see that even more with IoT devices, where the simplicity of connections counts much more with the S in IoT being left out by design...

Bluetooth is but IoT devices in the small ;(

Givon Zirkind • July 26, 2018 5:03 AM

Actually, this did happen in real life. There were people (or kids, teenage hackers, still people, just young people) who hung out in a mall (New Jersey is full of them), outside a Radio Shack and trapped info as customers had their newly purchased devices activated. This was years back. I don't remember where I read the article.

me • July 26, 2018 5:56 AM

A bit off topic:
- I have an Opel car with Bluetooth.
- It has a menu where you can select a PIN; it was 0000 by default and I have changed it to a random one.
- I paired the phone with the car.
- No PIN is ever asked; it just said success after I clicked the car from the phone. No password, PIN or confirmation dialog appears from the car (or phone).

Is this normal?
Is that PIN used at all?
I think that this means that if I turn on the car and someone is near, he can pair his phone with my car.
Other problem: my car has a Bluetooth on/off option but it doesn't save that option across "reboots", so when I turn the car off and on the Bluetooth comes back on.
I also noticed that it is not visible from the phone after "a while", so I guess that it stays visible only for a short period after turning on the car; the icon is there forever, unless I turn off Bluetooth from the menu.

I'd like to keep Bluetooth off to avoid possible (and unlikely) hacks, but it seems that it is not possible. I need it rarely.

Steve Friedl • July 26, 2018 8:44 AM

This can't be a serious issue: no catchy name, no fancy logo: looks like the work of amateurs.

:-)

TRX • July 26, 2018 1:35 PM

> I normally have to sacrifice a goat to get a Bluetooth device to pair with anything.

Any particular kind of goat?

[been fighting Bluetooth issues on a tablet for several months now]

PeaceHead • July 26, 2018 5:51 PM

I find it helpful to remove bluetooth chips and firmware and softwares as much as is reasonably possible.

It's just a nightmare if the Bluetooth stuff is integrated. But if not, it usually hurts nothing to just physically remove the chips.

It's an educational experience, at least.

Peace be with you, me, us, them, others.

Peaceful coexistence is an unalienable entitlement of all sentient beings.
Warfare is a form of slavery.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.