WVE ID: WVE-2005-0013
Type: Exploit
Status: Candidate
Classification: Cryptographic; Design Flaw
Description:
BlueDumping is a method used by an attacker to force two previously paired devices to re-pair in order for the pairing exchange to be observed with a Bluetooth sniffer.
Discussion:
A method for Bluetooth PIN recovery was first outlined by Ollie Whitehouse at CanSecWest in 2004. This method involved observing the pairing process between two devices and using the data gained to attempt to crack the PIN used.
The obvious drawback to this method is that the devices to be attacked must be paired in the presence of the attacker. In May of 2005 Shaked and Wool revisited this topic and further developed the concept to include an active attack that would cause the devices to need to be re-paired. Thus, an attacker would be able to force a re-pairing and observe it with a protocol analyzer.
There are three scenarios presented by Shaked and Wool that allow this to happen.
1. During connection establishment a challenge/response mechanism is used to mutually authenticate the devices. To do this, the Master sends a challenge (AU_RAND) consisting of a 128-bit random number to the Slave. The Slave then calculates a response (SRES) using the pairing's link key. The Master then takes this response and checks that it matches what was expected in order to authenticate the connection. However, the Bluetooth specification allows a device to forget a link key. Therefore it is possible for an attacker to indicate that the Slave device has forgotten it by sending an LMP_not_accepted message to the Master. Doing so will cause the devices to need to be re-paired.
2. Similarly, an attacker can send an IN_RAND (used to initiate pairings) to the Slave before the Master is able to send AU_RAND to it. This will cause the Slave device to believe the Master has lost the link key, which means the devices will need to be re-paired.
3. Instead of injecting an LMP_not_accepted message, an attacker can send an invalid SRES value to the Master. This will cause response validation to fail and cause the devices to need to be re-paired.
It should be noted that carrying out such attacks requires a Bluetooth baseband sniffer and the ability to inject packets. Traditionally this hardware is quite expensive, costing many thousands of dollars. However, such hardware is becoming increasingly available on the aftermarket for well below its original price, putting it within reach of far more people.
Credits
Author: Avishai Wool (yash@eng.tau.ac.il): Tel Aviv University
Author: Yaniv Shaked (shakedy@eng.tau.ac.il): Tel Aviv University
References
URL: http://www.cansecwest.com/csw04/csw04-Whitehouse.pdf
URL: http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/
Released: 2005-05-02
Submitter: Andrew Lockhart (alockhart@networkchemistry.com): Network Chemistry
Submitted: Thu Oct 20 12:35:37 -0700 2005
Candidate Date: Mon Oct 24 10:08:10 -0700 2005