Bluetooth Security Vulnerabilities and Attacks
Analysis of Security Vulnerabilities and Attack Methods of Bluetooth Technology
In current network applications, the Internet of Things has ubiquitous requirements for device diversity, low cost, low data rates, and short range. Such requirements are mainly met through low-speed network protocols such as Bluetooth. Bluetooth is an open standard for short-range communication that uses embedded chips to realize wireless connections with a range between 10 m and 100 m. The design goal of Bluetooth is to let personal devices from different manufacturers achieve low-speed data transmission and interoperation more easily through a unified short-range wireless connection standard. Bluetooth technology has the characteristics of low cost, low power consumption, small module size, and easy integration, which makes it very suitable for new IoT mobile devices.
1. The security system of Bluetooth technology
1.1 Four-level security mode
(1) Security mode 1: Security mode 1 has no security mechanism: it does not initiate any security procedure and has no security functions such as authentication or encryption. In this mode the device runs faster and consumes less power, but data is easily attacked during transmission. Bluetooth V2.0 and earlier versions support this mode.
(2) Security mode 2: Security mode 2 is a service-level enforced security mode; security procedures can only be initiated after the logical channel has been established. In this mode, security policies such as authorization requirements, authentication requirements, and encryption requirements for data transmission determine whether an instruction to initiate a security procedure is generated. All current Bluetooth versions support this mode, and its main purpose is compatibility with versions before V2.0.
(3) Security mode 3: Security mode 3 is a link-level security mechanism. In this mode the Bluetooth device must initiate security procedures before the physical link of the channel is established. This mode supports functions such as authentication and encryption. Only versions above V2.0 support security mode 3, so this mechanism is less compatible and flexible than security mode 2.
(4) Security mode 4: This mode is similar to security mode 2 in that it is a service-level security mechanism. It uses the ECDH algorithm in the link key generation step, which makes it more secure than the previous three modes, and the device pairing process is somewhat different and simplified; man-in-the-middle attacks and passive eavesdropping can be prevented to some extent. When connecting a device, it first determines whether to initiate a security procedure, as in security mode 3. If necessary, it checks whether a key is available; if the key is available, it connects through the authentication and encryption process using the simple direct pairing method of SSP.
1.2 Key Management
(1) Link key: The link key is a 128-bit random number derived from the pseudo-random number RAND, the personal identification number PIN, and the device address through the E21 or E22 algorithm. The initialization key and combination key are generated during the initialization process and are used as temporary link keys, to be discarded after the authentication between the devices is completed. The master key can be used by a device to broadcast encrypted information within the piconet; when broadcast information is sent, the master key replaces the original link key. After the unit key is generated, it is stored in the Bluetooth device and applied directly to link communication.
(2) Encryption key: An authenticated Bluetooth device can use the encryption key to encrypt the data transmitted during communication. The key is generated by the symmetric algorithm E3 from the pseudo-random number RAND, the ciphering offset COF produced during the authentication process, and the current link key K; its length is 128 bits. Bluetooth encrypts payloads with a key stream: the encryption key together with other parameters (the master device address, a random number, and the Bluetooth clock) is fed to the E0 algorithm to generate a binary key stream that encrypts and decrypts the transmitted data.
1.3 Authentication
The purpose of authentication is to verify the identity of the device and at the same time give feedback on whether the parameter transfer succeeded. It can be either a one-way process or mutual authentication, but both require a link key to have been generated in advance. The device address of the authenticated device, the random number generated by the authenticating main device, and the link key are all involved, producing a response message and an authentication ciphering offset value. The former is passed to the main device for verification; if it matches, authentication succeeds. If authentication fails, a waiting period of a certain length is required before authentication can be attempted again. The authentication process is shown in Figure 3.
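As an added example (not from the article), the challenge-response exchange described above is run by both sides in Python. HMAC-SHA256 stands in for the E1 function, which the real standard builds on SAFER+, and the doubling back-off after a failed attempt is an assumption standing in for the waiting period the article mentions.

```python
import hmac
import hashlib
import secrets

# Stand-in for Bluetooth's E1 authentication function (the real E1 is built on
# SAFER+); HMAC-SHA256 is used here only so the exchange runs offline.
def e1_stand_in(link_key: bytes, bd_addr: bytes, au_rand: bytes):
    """Return (SRES, ACO): the 32-bit response and 96-bit authentication ciphering offset."""
    digest = hmac.new(link_key, bd_addr + au_rand, hashlib.sha256).digest()
    return digest[:4], digest[4:16]


class Verifier:
    """The device that issues the challenge (the 'main device' in the article)."""

    def __init__(self, link_key: bytes, claimant_addr: bytes, wait_seconds: float = 1.0):
        self.link_key = link_key
        self.claimant_addr = claimant_addr   # BD_ADDR of the device being authenticated
        self.wait_seconds = wait_seconds     # back-off applied after a failed attempt (assumed)
        self.blocked_until = 0.0
        self.au_rand = None                  # outstanding challenge, if any
        self.aco = None                      # ACO kept for later encryption-key derivation

    def challenge(self, now: float = 0.0) -> bytes:
        if now < self.blocked_until:
            raise PermissionError("authentication retry too soon after a failure")
        self.au_rand = secrets.token_bytes(16)   # fresh 128-bit AU_RAND every time
        return self.au_rand

    def check(self, sres: bytes, now: float = 0.0) -> bool:
        if self.au_rand is None:
            return False                          # no outstanding challenge to answer
        expected, aco = e1_stand_in(self.link_key, self.claimant_addr, self.au_rand)
        self.au_rand = None                       # each challenge accepts exactly one response
        if hmac.compare_digest(sres, expected):
            self.aco = aco
            return True
        # failure: enforce the waiting period the article describes, doubling it each time
        self.blocked_until = now + self.wait_seconds
        self.wait_seconds *= 2
        return False


def claimant_respond(link_key: bytes, own_addr: bytes, au_rand: bytes) -> bytes:
    """The claimant's side: compute SRES from its address, the challenge and the link key."""
    sres, _aco = e1_stand_in(link_key, own_addr, au_rand)
    return sres
```

Because every challenge is a fresh random number and is consumed by a single response, a captured SRES cannot be replayed against a later challenge.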
2. Known Bluetooth Security Vulnerabilities
2.1 Frequency hopping clock: Bluetooth transmission uses adaptive frequency hopping as its spread-spectrum method. The running counter in the frequency hopping system is a 28-bit frequency hopping clock ticking at 3.2 kHz, so that control instructions, the timing of sending and receiving, and frequency hopping control are kept strictly synchronized to the clock, which reduces transmission interference and errors. However, attackers often disrupt the frequency hopping command generator and frequency synthesizer by attacking the frequency hopping clock, so that the Bluetooth devices cannot communicate normally, and exploit the strong penetration and wide propagation of electromagnetic pulses to eavesdrop on the communication content and on the parameters related to frequency hopping.
2.2 PIN code problem: The personal identification number (PIN) in the key control diagram is four digits and is the only trusted source for generating the encryption key and the link key. When two Bluetooth devices connect, the user must enter the same PIN code on each device to pair them. Because the PIN is short, the key space of the encryption key and link key is limited to the order of 10^4 values, and if the user chooses an overly simple PIN (such as repeated identical characters), does not change the PIN for a long time, or uses a device with a fixed built-in PIN, the device is more vulnerable to attack. Therefore, in versions from V2.1 onward, the PIN length is increased to 16 characters, which enlarges the key space and improves the security of the Bluetooth connection authentication process without the inconvenience to communication that an overly long string would bring.
2.3 Link key spoofing: The link key used in communication is based on the fixed unit key in the device, while the other information used in the encryption process is public, so there are large loopholes. For example, when device A communicates with different devices, it uses its own unit key as the link key. An attacker who has communicated with A using device C obtains this unit key, and can then compute the link key that A shares with another device B from B's device address, pretend to be B in order to pass A's authentication, and likewise pretend to be A toward B.
2.4 Encrypted key stream repetition: The encryption key stream is generated by the E0 algorithm from sources including the master device clock and the link key. During a particular encrypted connection, only the clock of the master device changes. If the connection remains in use for more than 23.3 hours, the clock value starts to repeat, producing a key stream identical to one used earlier. Such key stream repetition is easily exploited by an attacker as a loophole to recover the original plaintext of the transmitted content.
2.5 Authentication process/password in Secure Simple Pairing: In addition to pairing with the personal identification number PIN, the Bluetooth standard added the Secure Simple Pairing (SSP) method starting from version V2.1. SSP is more convenient than PIN pairing: instead of requiring both paired devices to have input modules and enter the pairing password at the same time, SSP only requires the two devices to have output modules and to confirm that the same random number is displayed on their screens. A Bluetooth physical connection is established through device discovery, a static SSP password is generated, and the connection is established in four authentication steps. However, this association model provides no protection against man-in-the-middle attacks, and static SSP passwords are easily broken by man-in-the-middle attacks.
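The clock wrap in 2.4 above, worked through as an added example that is not part of the article: the 28-bit clock at 3.2 kHz is taken from the text, while the HMAC-based key stream is a stand-in for E0 (not the real cipher) that keeps E0's relevant property, namely that only the 28 clock bits enter the generator. The `rekey_required` check is the defensive consequence.

```python
import hmac
import hashlib

CLOCK_BITS = 28               # width of the Bluetooth clock counter (from the article)
CLOCK_HZ = 3200               # the clock ticks at 3.2 kHz (312.5 us per tick)
CLOCK_PERIOD = 1 << CLOCK_BITS


def clock_wrap_hours() -> float:
    """Hours until a 28-bit clock ticking at 3.2 kHz returns to its starting value (~23.3 h)."""
    return CLOCK_PERIOD / CLOCK_HZ / 3600


def keystream(enc_key: bytes, master_addr: bytes, clock: int, length: int) -> bytes:
    """Stand-in for E0 (assumption, not the real cipher): a key stream derived from the
    inputs the article lists. Only the low 28 clock bits are used, so two clock values
    that differ by exactly 2^28 ticks yield the same key stream."""
    seed = enc_key + master_addr + (clock % CLOCK_PERIOD).to_bytes(4, "big")
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(enc_key: bytes, master_addr: bytes, clock: int, payload: bytes) -> bytes:
    """XOR the payload with the key stream for this clock value (decryption is identical)."""
    ks = keystream(enc_key, master_addr, clock, len(payload))
    return bytes(p ^ k for p, k in zip(payload, ks))


def xor_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What a passive eavesdropper learns from two ciphertexts that share a key stream:
    the XOR of the two plaintexts, with the key stream cancelled out entirely."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def rekey_required(start_clock: int, current_clock: int) -> bool:
    """Defensive check: an encrypted connection must negotiate a new key before the
    master clock has advanced 2^28 ticks since the key was installed."""
    return current_clock - start_clock >= CLOCK_PERIOD
```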
3. Security Threats of Bluetooth Technology
The attack threats against Bluetooth can be roughly divided into two types: attacks applicable to wireless networks in general, and attacks specific to Bluetooth.
3.1 Denial of service attack: The principle of a denial of service (DoS) attack is to continuously send connection requests to the target in a short period so that the target cannot establish normal connections with other devices. The Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) allows the higher-layer protocols of a Bluetooth device to receive and send 64 KB packets, similar to ping packets. Exploiting this feature, an attacker can send a large number of ping packets to occupy the Bluetooth interface, so that it cannot be used normally and the radio stays in a high-frequency working state, draining the device battery. The flow chart of the DoS attack is shown in Figure 4.
3.2 Man-in-the-middle attack: An attacker positioned between two devices intercepts the data sent by one party and forwards it to the other, so that the content of the communication can be obtained without disturbing the communication between the two parties. It is an attack method widely used against wireless networks. Bluetooth Low Energy (BLE), introduced in Bluetooth 4.0, included security measures against man-in-the-middle attacks from the start of its design, but at the product stage, considering factors such as power consumption and cost, this aspect has not received enough attention, and devices remain easy to attack. The most common approach is to forge BLE communication with a Bluetooth attack device combining hardware and software to carry out the man-in-the-middle attack. A schematic diagram of a man-in-the-middle attack is shown in Figure 5.
3.3 Vulnerability eavesdropping: Bluetooth eavesdropping can be achieved by attacking Bluetooth vulnerabilities. The OBEX (Object Exchange) protocol in Bluetooth did not mandate authorization in early Bluetooth product specifications, so attackers could exploit this vulnerability to link to the target phone without any prompt on the target phone, obtain permission to add, delete, and modify the multimedia files, SMS messages and call records on the phone, and even make and answer calls through phone commands. Instruction codes with these attack functions have been written by hackers as mobile phone software that can be downloaded from the Internet; ordinary users typically operate it through a graphical interface, and some counterfeit phones even have this function built in, so that after pairing with another phone they obtain operating authority over it. However, with the continuous improvement of Bluetooth technology, attacks against these early Bluetooth vulnerabilities are now becoming less and less common.
3.4 Replay attack: The principle of a replay attack is to monitor or forge the authentication credentials exchanged between the two communicating parties and, after processing, send them back to the attacked party for authentication. Bluetooth transmission uses 79 channels, and the attacker can attack by monitoring the channels, calculating the frequency hopping sequence, and replaying the IZI command of the authorized device. A protocol to prevent replay attacks was added in the V4.2 standard.
3.5 Pairing eavesdropping: The default 4-digit PIN code of Bluetooth V2.0 and earlier is easily brute-forced, because the number of permutations of a few digits is very limited, and the LE pairing of Bluetooth V4.0 has the same problem. As long as the attacker captures enough data frames, they can determine the key through brute force and other methods, impersonate a communicating party, and achieve the attack goal.
3.6 Location attack: Each Bluetooth device has a unique 6-byte serial number as its device address. Since this identifier does not change during use, it easily leaks the location of the device. An attacker can determine the geographical location of the target device from the Bluetooth connection and paging mechanisms, the device identifier, and other communication parameters.
3.7 Simple pairing mode attack: The SSP (Secure Simple Pairing) connection method specified in Bluetooth V2.0 is not safe, because it uses a static password and cannot prevent man-in-the-middle attacks; once the attacker obtains the password, it can be used for a period of time to carry out persistent attacks.
Summary
With the rapid adoption of Internet of Things technology in manufacturing, agriculture, and household equipment, the application prospects of Bluetooth cannot be underestimated, but it also faces greater challenges. Therefore, we look forward to the necessary security strategies being implemented further in future designs of the Bluetooth standard. At the same time, when using Bluetooth devices for transmission, we should also raise our security awareness and try to use the strongest security mode available.
The above is the analysis of security vulnerabilities and attack methods of Bluetooth technology presented for you by Shenzhen Zuchuang Microelectronics Co., Ltd. If you have Bluetooth product design and development needs, you can trust us. We have rich experience in the custom development of smart electronic products; we can evaluate the development cycle and IC price promptly and can also calculate a PCBA quotation. We are agents for a number of domestic and foreign chip vendors: Songhan, Yingguang, Jieli, Ankai, Quanzhi, and Realtek, with MCUs, voice ICs, BLE Bluetooth ICs, dual-mode Bluetooth modules, and WiFi modules. We have hardware design and software development capabilities covering circuit design, PCB design, single-chip microcomputer development, custom software development, custom APP development, WeChat official account development, voice recognition technology, Bluetooth development, WiFi technology, etc. We can also undertake the research and development of smart electronic products, the design of household appliances, the development of beauty equipment, the development of Internet of Things applications, the design of smart home solutions, the development of TWS earphones, the development of Bluetooth earphone speakers, the development of children's toys, and the research and development of electronic education products.