
Bluetooth: With Low Energy Comes Low Security, Mike Ryan, iSEC Partners (PowerPoint presentation)



1. Bluetooth: With Low Energy Comes Low Security
Mike Ryan, iSEC Partners
USENIX Security / WOOT, Aug 13, 2013
Mike Ryan, Bluetooth Smart / Bluetooth LE, USENIX WOOT, August 2013

2. Outline
⇀ What is Bluetooth Low Energy?
⇀ Protocol overview
⇀ Sniffing Techniques
⇀ [In]security
⇀ Injection

3. Outline
⇀ What is Bluetooth Low Energy?
⇀ Protocol overview
⇀ Sniffing Techniques
⇀ [In]security
⇀ Injection

4. What is Bluetooth Low Energy?

5. What is Bluetooth Low Energy / Smart?
⇀ New modulation and link layer for low-power devices
⇀ vs classic Bluetooth
  ⇁ Incompatible with classic Bluetooth devices
  ⇁ PHY and link layer almost completely different
  ⇁ High-level protocols reused (L2CAP, ATT)
⇀ Introduced in Bluetooth 4.0 (2010)
⇀ AKA BTLE

6. Where is BTLE?
⇀ High end smartphones
⇀ Sports / fitness devices
⇀ Door locks
⇀ Upcoming medical devices

7. By The Numbers
⇀ 186% YoY growth for H1 2013 [1]
⇀ “over 7 million Bluetooth Smart ICs were estimated to have shipped for use in sports and fitness devices in the first half of 2013 alone”
⇀ “Analysts Forecast Bluetooth Smart to Lead Market Share in Wireless Medical and Fitness Devices” [2]
[1] http://www.bluetooth.com/Pages/Press-Releases-Detail.aspx?ItemID=170
[2] http://www.bluetooth.com/Pages/Press-Releases-Detail.aspx?ItemID=165

8. Outline
⇀ What is Bluetooth Low Energy?
⇀ Protocol overview
⇀ Sniffing Techniques
⇀ [In]security
⇀ Injection

9. Protocol Stack (top to bottom)
  GATT
  ATT
  L2CAP
  Link Layer
  PHY

10. PHY Layer
⇀ GFSK, +/- 250 kHz, 1 Mbit/sec
⇀ 40 channels in 2.4 GHz
⇀ Hopping

11. Physical Channels
⇀ Advertising: 3 channels
⇀ Data: 37 channels

12. Hopping
⇀ Hop along 37 data channels
⇀ One data packet per channel
⇀ Next channel ≡ channel + hop increment (mod 37)
⇀ Time between hops: hop interval
  3 → 10 → 17 → 24 → 31 → 1 → 8 → 15 → … (hop increment = 7)

13. Link Layer
● PDU min of 2 bytes due to 2 byte header
● LLID: Control vs Data
● Length

14. L2CAP and Beyond
⇀ Use existing decoders for this
⇀ Not a Hard Problem™

15. Recap (top to bottom)
  GATT
  ATT
  L2CAP
  Link Layer
  PHY

16. Outline
⇀ What is Bluetooth Low Energy?
⇀ Protocol overview
⇀ Sniffing Techniques
⇀ [In]security
⇀ Injection


19. How do we sniff it?
Start at the bottom and work our way up:
  GATT       (PC)
  ATT        (PC)
  L2CAP      (PC)
  Link Layer (Ubertooth)
  PHY        (Ubertooth)

20. Ubertooth Block Diagram
  RF → CC2591 (RF amp) → CC2400 (radio; PHY layer: RF↔Bits) → Bits → LPC175x (ARM MCU; link layer: Bits↔Packets) → Packets → USB

21. Capturing: PHY Layer
⇀ Configure CC2400
  ⇁ Set modulation parameters to match Bluetooth Smart
  ⇁ Tune to proper channel
⇀ Follow connections according to hop pattern
  ⇁ Hop increment and hop interval, sniffed from connect packet or recovered in promiscuous mode
⇀ Hand off bits to ARM MCU

22. What Info Do We Need?
⇀ Access Address
  ⇁ Advertising: Fixed 0x8E89BED6
  ⇁ Connection: Varies
⇀ Channel number
  ⇁ Hop interval
  ⇁ Hop increment
⇀ Nice to have: CRCInit
Where? Easy mode: Connect packet!

23. Link Layer
CC2400 does this for free.
What we know: Access Address
What we have: Sea of bits
What we want: Start of PDU
  10001110111101010101 10011100000100011001 11100100110100011101

24. PHY Layer.. Link Layer..
We converted RF to packets. Now what?

25. Capturing Packets... To PCAP!
⇀ ubertooth-btle speaks packets
⇀ libpcap → dump raw packet data
⇀ PPI header (similar to airodump-ng and kismet)
⇀ We have a DLT for Bluetooth Smart
  ⇁ Unique identifier for the protocol
  ⇁ Public release of Wireshark plugin Coming Soon™

26. Wireshark Awesomeness

27. Promiscuous Mode
⇀ Techniques for recovering
  ⇁ Access Address
  ⇁ CRCInit
  ⇁ Hop Interval
  ⇁ Hop Increment

28. Recovering Access Address
⇀ Sit on data channel waiting for empty data packets
⇀ Collect candidate AA's and pick one when it's been observed enough
  10001110111101010101 10011100000100011001
  10000000000000001101 10100011000110000101
Not depicted: whitening!

29. Recovering CRCInit
⇀ Filter packets by Access Address
⇀ Plug CRC into LFSR and run it backward
See also “Bluesniff: Eve meets Alice and Bluetooth”, USENIX WOOT '07

30. Recovering Hop Interval
⇀ Observation: 37 is prime
⇀ Sit on data channel and wait for two consecutive packets
  Δt / 37 = hopInterval

31. Recovering Hop Increment
⇀ Start on data channel 0, jump to data channel 1 when a packet arrives
⇀ We know hop interval, so we can calculate how many channels were hopped between 0 and 1

32. Recovering Hop Increment (math)
  0 + hopIncrement × channelsHopped ≡ 1 (mod 37)
  hopIncrement ≡ channelsHopped⁻¹ (mod 37)
  channelsHopped⁻¹ ≡ channelsHopped^(37−2) (mod 37)
We use a LUT to convert that to hop increment
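As an added example that is not part of the original deck, the following Python simulates the hop sequence of slide 12 and then runs the promiscuous recovery of slides 30 to 32 over it, with the 37 being prime doing the work in the modular inverse. The capture is constructed, timestamps are in arbitrary units, and no packets are assumed to be missed.

```python
# Added example: simulate a BLE connection's data-channel hop sequence (slide 12)
# and recover hopInterval and hopIncrement from it as slides 30-32 describe.
# Timestamps are constructed, in arbitrary units; assumes no missed packets.
NUM_DATA_CHANNELS = 37  # prime, which is why the inverse below always exists


def hop_sequence(start, hop_increment, count):
    """Slide 12: next channel = (channel + hopIncrement) mod 37."""
    seq, ch = [], start
    for _ in range(count):
        seq.append(ch)
        ch = (ch + hop_increment) % NUM_DATA_CHANNELS
    return seq


# Slide 32: hopIncrement = channelsHopped^-1 = channelsHopped^(37-2) (mod 37),
# by Fermat's little theorem; precomputed into a LUT indexed by channelsHopped.
INVERSE_LUT = {x: pow(x, NUM_DATA_CHANNELS - 2, NUM_DATA_CHANNELS)
               for x in range(1, NUM_DATA_CHANNELS)}


def recover_hop_interval(t_first, t_second):
    """Slide 30: consecutive packets seen on one data channel are 37 hops apart."""
    return (t_second - t_first) // NUM_DATA_CHANNELS


def recover_hop_increment(t_channel0, t_channel1, hop_interval):
    """Slides 31/32: hops from a packet on channel 0 to the next packet on
    channel 1, inverted mod 37, is the hop increment."""
    channels_hopped = (t_channel1 - t_channel0) // hop_interval
    return INVERSE_LUT[channels_hopped % NUM_DATA_CHANNELS]


def simulate_connection(start_channel, hop_increment, hop_interval, hops):
    """Constructed capture: (timestamp, channel), one packet per connection event."""
    channels = hop_sequence(start_channel, hop_increment, hops)
    return [(k * hop_interval, ch) for k, ch in enumerate(channels)]


def promiscuous_recover(capture):
    """Interval from two packets on channel 0 (slide 30), then increment from
    the next packet on channel 1 (slide 31). Returns (hopInterval, hopIncrement)."""
    on_ch0 = [t for t, ch in capture if ch == 0]
    hop_interval = recover_hop_interval(on_ch0[0], on_ch0[1])
    t1 = next(t for t, ch in capture if ch == 1 and t > on_ch0[0])
    return hop_interval, recover_hop_increment(on_ch0[0], t1, hop_interval)


if __name__ == "__main__":
    print(hop_sequence(3, 7, 8))  # slide 12's sequence: 3, 10, 17, 24, 31, 1, 8, 15
    print(promiscuous_recover(simulate_connection(3, 7, 30, 200)))  # (30, 7)
```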

33. Sniffing Summary
⇀ Connection following
⇀ Promiscuous: Recovering the four values
  ⇁ Access address
  ⇁ CRCInit
  ⇁ Hop interval
  ⇁ Hop Increment

34. Outline
⇀ What is Bluetooth Low Energy?
⇀ Protocol overview
⇀ Sniffing Techniques
⇀ [In]security
⇀ Injection

35. Encryption
⇀ Provided by link layer
⇀ Encrypts and MACs PDU
⇀ AES-CCM

36. Custom Key Exchange Protocol
⇀ Three stage process
⇀ 3 pairing methods
  ⇁ Just Works™
  ⇁ 6-digit PIN
  ⇁ OOB
⇀ “None of the pairing methods provide protection against a passive eavesdropper” - Bluetooth Core Spec

37. Cracking the TK
  confirm = AES(TK, AES(TK, rand XOR p1) XOR p2)
  GREEN = we have it, RED = we want it
⇀ TK: integer between 0 and 999,999
⇀ Just Works™: always 0!

38. Cracking the TK – With crackle
Total time to crack: < 1 second

39. And That's It
⇀ TK → STK
⇀ STK → LTK
⇀ LTK → Session keys
KEY EXCHANGE = BR0KEN, 100% PASSIVE

40. LTK Reuse
⇀ Good for security: pair in a faraday cage
⇀ Counter-mitigation: Active attack to force re-pairing

41. Decrypting
⇀ Assumption: Attacker has LTK – reused!
⇀ Procedure
  ⇁ Attacker passively capturing packets
  ⇁ Connection established
  ⇁ Session information captured

42. Decrypting – With crackle
⇀ Yes, crackle does that too!
⇀ crackle will decrypt
  ⇁ a PCAP file with a pairing setup
  ⇁ a PCAP file with an encrypted session, given an LTK

43. Am I Affected?
⇀ Probably
⇀ Exception: Some vendors implement their own security on top of GATT
  ⇁ Did they talk to a cryptographer?
