DOI: 10.1145/3488932.3523258
Research article, Public Access

BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy

Published: 30 May 2022

Abstract

Bluetooth is a pervasive wireless technology specified in an open standard. The standard defines Bluetooth Classic (BT) for high-throughput wireless services and Bluetooth Low Energy (BLE) for very low-power ones. The standard also specifies security mechanisms, such as pairing, session establishment, and cross-transport key derivation (CTKD). CTKD enables devices to establish BT and BLE security keys by pairing just once. CTKD was introduced in 2014 with Bluetooth 4.2 to improve usability. However, the security implications of CTKD were not studied carefully.
This work demonstrates that CTKD is a valuable and novel Bluetooth attack surface. Among other things, it enables exploiting both BT and BLE by targeting only one of the two (i.e., Bluetooth cross-transport exploitation). We present the design of the first cross-transport attacks on Bluetooth. Our attacks exploit issues that we identified in the specification of CTKD. For example, we find that CTKD enables an adversary to overwrite pairing keys across transports. We leverage these vulnerabilities to impersonate, machine-in-the-middle, and establish unintended sessions with any Bluetooth device supporting CTKD. Since the presented attacks blur the security boundary between BT and BLE, we name them BLUR attacks. We provide a low-cost implementation of the attacks and test it on a broad set of devices. In particular, we successfully attack 16 devices with 14 unique Bluetooth chips from popular vendors (e.g., Cypress, Intel, Qualcomm, CSR, Google, and Samsung), with Bluetooth standard versions of up to 5.2. We discuss why the countermeasures in the Bluetooth standard are not effective against our attacks, and we develop and evaluate practical and effective alternatives.
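The key-overwrite issue the abstract describes can be made concrete with a small model of a device's pairing-key store. The following Python is an added illustration, not code from the BLURtooth paper or from any Bluetooth stack: it keeps one pairing key per (peer, transport), applies CTKD from one transport to the other, and compares a store that accepts any derived key with one that refuses to replace an existing key with a derived key of lower security strength. The key-strength levels, the HMAC-SHA256 stand-in for the specification's AES-CMAC based derivation functions, and the overwrite guard itself are assumptions made for this model, not details taken from the paper.

```python
# Added illustrative model (not code from the BLURtooth paper or from any
# Bluetooth stack): a pairing-key store that applies CTKD with and without a
# guard against cross-transport key overwrite.
#
# Assumptions, not taken from the page:
#  - key strength is reduced to an ordered enum (with/without MitM protection);
#  - the derivation is HMAC-SHA256 with a transport label, a stand-in for the
#    specification's AES-CMAC based CTKD functions, which are not reproduced;
#  - the guard (a derived key never replaces a stronger existing key) is one
#    illustrative mitigation, not the paper's countermeasure.
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum, IntEnum
from typing import Optional


class Transport(Enum):
    BT = "bt"    # Bluetooth Classic (BR/EDR)
    BLE = "ble"  # Bluetooth Low Energy


class Strength(IntEnum):
    UNAUTHENTICATED = 1  # e.g. Just Works: no protection against MitM
    AUTHENTICATED = 2    # e.g. Numeric Comparison / Passkey Entry


@dataclass(frozen=True)
class PairingKey:
    value: bytes
    strength: Strength
    via_ctkd: bool  # True if derived from the other transport's key


def derive_cross_transport_key(source: bytes, target: Transport) -> bytes:
    """Stand-in CTKD: bind the derived key to the target transport.
    HMAC-SHA256 is used only so the model runs offline with the stdlib."""
    label = b"ctkd-stand-in:" + target.value.encode()
    return hmac.new(source, label, hashlib.sha256).digest()[:16]


class KeyStore:
    """Per-peer pairing keys, indexed by (peer address, transport)."""

    def __init__(self, guard_overwrite: bool) -> None:
        self.guard_overwrite = guard_overwrite
        self._keys: dict[tuple[str, Transport], PairingKey] = {}
        self.events: list[str] = []  # where a real stack would audit-log

    def store_native(self, peer: str, transport: Transport,
                     key: bytes, strength: Strength) -> None:
        """Record a key produced by pairing directly over `transport`."""
        self._keys[(peer, transport)] = PairingKey(key, strength, via_ctkd=False)

    def get(self, peer: str, transport: Transport) -> Optional[PairingKey]:
        return self._keys.get((peer, transport))

    def apply_ctkd(self, peer: str, source: Transport) -> bool:
        """Derive the other transport's key from the `source` key.
        Returns True if the derived key was stored; with the guard on, a
        derived key never replaces an existing key of higher strength."""
        target = Transport.BLE if source is Transport.BT else Transport.BT
        src_key = self._keys[(peer, source)]
        derived = PairingKey(derive_cross_transport_key(src_key.value, target),
                             src_key.strength, via_ctkd=True)
        existing = self._keys.get((peer, target))
        if (self.guard_overwrite and existing is not None
                and derived.strength < existing.strength):
            self.events.append(f"refused CTKD overwrite of {target.name} key for "
                               f"{peer}: {existing.strength.name} -> "
                               f"{derived.strength.name}")
            return False
        if existing is not None:
            self.events.append(f"{target.name} key for {peer} overwritten via CTKD "
                               f"({existing.strength.name} -> {derived.strength.name})")
        self._keys[(peer, target)] = derived
        return True


def run_scenario(guard_overwrite: bool) -> dict:
    """Constructed scenario: the peer already holds an authenticated BT key,
    then an unauthenticated BLE pairing with the same address triggers CTKD."""
    store = KeyStore(guard_overwrite)
    peer = "AA:BB:CC:DD:EE:FF"      # constructed address
    original_bt = bytes(range(16))  # constructed key material
    store.store_native(peer, Transport.BT, original_bt, Strength.AUTHENTICATED)
    store.store_native(peer, Transport.BLE, bytes(16), Strength.UNAUTHENTICATED)
    stored = store.apply_ctkd(peer, source=Transport.BLE)
    bt = store.get(peer, Transport.BT)
    return {"ctkd_stored": stored,
            "bt_key_unchanged": bt.value == original_bt,
            "bt_strength": bt.strength,
            "bt_via_ctkd": bt.via_ctkd,
            "events": store.events}


if __name__ == "__main__":
    for guard in (False, True):
        r = run_scenario(guard)
        print(f"guard={guard}: BT key strength={r['bt_strength'].name}, "
              f"unchanged={r['bt_key_unchanged']}, events={r['events']}")
```

Running the module prints both outcomes: without the guard the authenticated BT key is silently replaced by a key that inherited the BLE pairing's unauthenticated strength; with the guard the store keeps the original key and records the refusal, which is the event a defender would want logged when weaker key material arrives for an address that already holds an authenticated key.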

Supplementary Material

MP4 File (final.mp4)
The talk presents cross-transport key derivation (CTKD) as a new attack surface for Bluetooth. Bluetooth includes Bluetooth Classic (BC) and Bluetooth Low Energy (BLE), and CTKD enables attacking BC from BLE and vice versa. Based on the first security evaluation of CTKD, the authors find novel vulnerabilities in its specification and develop four new cross-transport attacks, named BLUR attacks because they blur the BC/BLE security boundary. Before this work, that security boundary was considered not crossable. The BLUR attacks enable cross-transport impersonation of Bluetooth Peripherals and Centrals, machine-in-the-middle attacks, and unintended sessions. The attacks are standard-compliant and were successfully evaluated on 16 devices from different hardware and software providers, implementing all the Bluetooth versions compatible with CTKD currently on the market. The authors present concrete fixes to the BLUR attacks and discuss why the mitigation in the Bluetooth standard is not effective against them.


Cited By

  • (2024) Close Contact Tracing and Risky Area Identification Using Alpha Shape Algorithm and Binary Contact Detection Model Based on Bluetooth 5.1. Journal of ETA Maritime Science. DOI 10.4274/jems.2024.09216. Online publication date: 16-Dec-2024.
  • (2024) Fake It till You Make It: Enhancing Security of Bluetooth Secure Connections via Deferrable Authentication. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. DOI 10.1145/3658644.3670360, pp. 4762-4776. Online publication date: 2-Dec-2024.
  • (2024) Seamlessly Insecure: Uncovering Outsider Access Risks in AiDot-Controlled Matter Devices. 2024 IEEE Security and Privacy Workshops (SPW). DOI 10.1109/SPW63631.2024.00034, pp. 281-288. Online publication date: 23-May-2024.
  • (2024) SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth. 2024 IEEE Symposium on Security and Privacy (SP). DOI 10.1109/SP54263.2024.00023, pp. 2847-228066. Online publication date: 19-May-2024.
  • (2024) Application of Large Language Models in Cybersecurity: A Systematic Literature Review. IEEE Access, Vol. 12. DOI 10.1109/ACCESS.2024.3505983, pp. 176751-176778. Online publication date: 2024.
  • (2023) BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. DOI 10.1145/3576915.3623066, pp. 636-650. Online publication date: 15-Nov-2023.
  • (2023) BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations. 2023 IEEE Symposium on Security and Privacy (SP). DOI 10.1109/SP46215.2023.10179330, pp. 3209-3227. Online publication date: May-2023.
  • (2023) Mitigating Cross-Transport Key Derivation Attacks in Bluetooth Communication. NAECON 2023 - IEEE National Aerospace and Electronics Conference. DOI 10.1109/NAECON58068.2023.10365983, pp. 254-257. Online publication date: 28-Aug-2023.
  • (2023) Security analysis of Bluetooth Secure Simple Pairing protocols with extended threat model. Journal of Information Security and Applications, Vol. 72:C. DOI 10.1016/j.jisa.2022.103385. Online publication date: 1-Feb-2023.
  • (2023) Tamarin-Based Analysis of Bluetooth Uncovers Two Practical Pairing Confusion Attacks. Computer Security – ESORICS 2023. DOI 10.1007/978-3-031-51479-1_6, pp. 100-119. Online publication date: 25-Sep-2023.

Published In

ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security
May 2022, 1291 pages
ISBN: 9781450391405
DOI: 10.1145/3488932

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

bluetooth, bluetooth classic, bluetooth low energy, ctkd

Conference

ASIA CCS '22

Acceptance Rates

Overall Acceptance Rate: 418 of 2,322 submissions, 18%

