Recent & Upcoming Talks

In this talk we will explore recent research on real world wireless security protocols. We will cover standard protocols such as Bluetooth pairing and session establishment and proprietary ones such as IoT application layer protocols used to secure traffic between companion mobile applications and electric scooters and fitness trackers.

Keynote given at ACSW'24 (EuroS&P Workshop) covering Automotive Bluetooth Security and E-Spoofer.

YouTube (WiSec'23)

YouTube (37c3)

This lecture overviews recent and impactful research on Bluetooth security and privacy. We will cover protocol-level vulnerabilities in the Bluetooth specification affecting billions of devices, such as KNOB, BIAS, BLUR, and BLUFFS.

Abstract

Ciao! We present the BLUFFS attacks (CVE-2023-24023), six novel attacks breaking Bluetooth’s forward and future secrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by compromising and re-using one session key. We discuss the four vulnerabilities in the Bluetooth specification enabling the attacks, two of which are new and related to unilateral and repeatable session key derivation. We describe the toolkit we developed and open-sourced to test our attacks via firmware binary patching, our experiments where we exploited 18 heterogeneous Bluetooth devices, and the practical and backward-compliant session key derivation protocol we built to fix the attacks by design. We also cover related work like KNOB, BIAS, and BLUR, and educational Bluetooth security tips and tricks.

In this lecture we cover an Introduction about Bluetooth security, its main transports (BC, BLE), procedures (discovery, connect) and logical entities (Host, Controller, HCI). Then we look at Bluetooth security architecture and the specific BC/BLE algorithms and protocols. We conclude by talking about state of the art attacks that we developed against this protocols including KNOB, BIAS, and BLUR.

Xiaomi is the leading company in the fitness tracking industry. Successful attacks on its fitness tracking ecosystem would result in severe consequences, including the loss of sensitive health and personal data. Despite these relevant risks, we know very little about the security mechanisms adopted by Xiaomi. In this work, we uncover them and show that they are insecure. In particular, Xiaomi protects its fitness tracking ecosystem with custom application-layer protocols spoken over insecure Bluetooth Low-Energy (BLE) connections (ignoring standard BLE security mechanisms already supported by their devices) and TLS connections. We identify severe vulnerabilities affecting such proprietary protocols, including unilateral and replayable authentication.

This talk covers our recent research on the (in)securities of proprietary and standard wireless security protocols used daily by millions of devices and users. In particular, I will cover the BLUR attacks on Bluetooth, a novel class of threats capable of exploiting Bluetooth Classic from Bluetooth Low Energy and vice versa. Then, I will report on our security evaluation of protocol-level Bluetooth threats on vehicles (i.e., cars), a currently unexplored by impactful attack surface. Next, I will shift to proprietary wireless protocols and describe our security assessments of Xiaomi and Fitbit fitness trackers’ proprietary protocols. Finally, I will conclude by covering our latest work on custom Xiaomi e-scooters’ wireless protocols.

In this webinar we talk about, Protocol-Level Bluetooth Threats (PLBT), a novel and relevant class of threats for automotive security. Specifically, we explain what they are, why they are relevant, and how they can be evaluated on modern cars. We also report our PLBT evaluation results on five popular In-Vehicle Infotainment (IVI) units used by KIA, Toyota, Suzuki, and Skoda on cars manufactured between 2014 and 2021. For example, we show that is trivial to impersonate a trusted smartphone to commercial IVIs using an attack chain that we developed in recent years (KNOB+BIAS attacks). As a result of a successful impersonation, an attacker can exfiltrate sensitive data stored on the IVI and send malicious commands to the IVI without being detected.

Bluetooth is a ubiquitous technology for low-power wireless communications. It is employed by billions of devices, including smartphones, laptops, wearables, and cars. As a technology, Bluetooth is specified in an open and quite complex standard. The standard defines two Bluetooth flavors; Bluetooth Classic (BC) for high throughput services and Bluetooth Low Energy (BLE) for low power ones. In addition, it specifies pairing (i.e., bootstrapping) and session establishment security mechanisms to protect the confidentiality, integrity, and authenticity of Bluetooth communication. One vulnerability in these mechanisms can be exploited on all Bluetooth devices as they must be compliant with the Bluetooth standard.

Bluetooth is a ubiquitous technology for low-power wireless communications employed by billions of devices, including mobiles, wearables, and cars. Bluetooth is specified in a complex yet open standard that defines two transports: Bluetooth Classic (BC) for high throughput services and Bluetooth Low Energy (BLE) for very low power services. Being a pervasive technology, Bluetooth exposes a broad attack surface. Moreover, successful attacks on Bluetooth can achieve high-impact goals, such as identity thefts, privacy violations, and malicious device control. The security of Bluetooth communication heavily depends on the Bluetooth standard, which defines “standard-compliant” security mechanisms to protect the confidentiality, integrity, and availability of Bluetooth communications. Those mechanisms include pairing and secure session establishment protocols used to establish keys and protect the communication.

Mobile devices such as phones, tablets, and wearables enable proximity services on a large scale. These services use wireless technologies (such as Wi-Fi and Bluetooth) to connect users within a specific range and exchange information. Proximity information ranges from general-purpose files and contacts to privacy-preserving COVID-19 proximity identifiers. Since these services affect millions of mobile users worldwide, their security against cyber threats is paramount. It is not pleasant if an attacker in proximity (or even remotely) can eavesdrop on private communication or tamper with personal data. However, adopting (even essential) security mechanisms for proximity services is easy in theory but pretty hard in practice. For example, it is challenging to provide confidentiality and authenticity while at the same time provide energy-efficient and accurate proximity tracing. On top of that, a usable proximity service has to scale well with the number of users and provide the same quality of services across different software and hardware ecosystems (e.g., Android and iOS) and usage condition (e.g., indoor and outdoor). In this talk, we look at two commercial proximity services. First, Google’s Nearby Connections (NC) is an API to connect Android devices using a combination of Wi-Fi and Bluetooth and without requiring an Internet connection. Second, Google/Apple’s Exposure Notification (EN) framework. EN powers most COVID-19 contact-tracing mobile applications in Europe, including the ones used in Italy, Germany, and Switzerland. Throughout the talk, the audience will learn, among others, real-world proximity services' architectures, pitfalls, vulnerabilities, attacks, countermeasures, and related research trends.

Bluetooth is a ubiquitous technology for low power wireless communications. Bluetooth runs on billions of devices including mobile, wearables, home automation, smart speakers, headsets, industrial and medical appliances, and vehicles. As a result, Bluetooth’s attack surface is huge and includes significant threats such as identity thefts, privacy violations, and malicious device control. Bluetooth is a complex technology specified in an open standard. The standard defines two wireless stacks Bluetooth Classic for high throughput services (e.g., audio and voice) and Bluetooth Low Energy (BLE) for very low power services (e.g., localization, and monitoring). The standard defines security mechanisms to protect the confidentiality, integrity, and authenticity of Bluetooth communications. Those mechanisms include pairing to share a long term key among two devices, and secure session establishment to let two paired devices negotiate session keys to protect their communication. A single vulnerability in a standard-compliant security mechanism translates into billions of exploitable devices. This talk reviews several standard-compliant vulnerabilities that we recently uncovered on the key negotiation and authentication mechanisms of Bluetooth Classic and BLE. We also describe how to exploit such vulnerabilities to perform key negotiation attacks on Bluetooth Classic and BLE (KNOB attacks, CVE-2019-9506) and impersonation attacks on Bluetooth Classic (BIAS attacks, CVE-2020-10135). The attacks are presented together with a detailed description of the Bluetooth treat model and the affected security mechanism. We also explain how we implemented such attacks using low-cost hardware and open-source software and how we evaluated them on actual devices from the major vendors including Apple, Broadcom, Cypress, CSR, Google, Intel, Microsoft, and Qualcomm. Finally, we describe how the Bluetooth standard was amended after the disclosure of our attacks, our proposed countermeasures, and why most of the Bluetooth devices are still vulnerable to our attacks.

Bluetooth is a ubiquitous technology for low power wireless communications. Bluetooth runs on billions of devices, including mobile, wearables, home automation, smart speakers, headsets, industrial and medical appliances, and vehicles. As a result, Bluetooth’s attack surface is huge and includes significant threats such as identity thefts, privacy violations, and malicious device control.