
In 2020 we disclosed the Bluetooth Impersonation AttackS (BIAS), a family of high impact attacks affecting Bluetooth’s authentication protocols. The attacks allow impersonating any Bluetooth device during secure session establishment without knowing the long term pairing key. The BIAS attacks are tracked with CVE-2019-9506
IEEE S&P (Oakland) 2020 Paper Teaser
IEEE S&P (Oakland) 2020 Paper Presentation
BIAS + KNOB attack against Bluetooth IACR Attacks in Crypto
From Bluetooth Standard to Standard Compliant 0-days Hardwear.io
Related
Publications
PDF Cite Code Project Project Slides Video CVE-2019-9506 CVE-2020-10135
PDF Cite Code Project Slides Video Teaser Website CVE-2020-10135
Events
Talk on Automotive Bluetooth Security at AMUSEC'25.
Cars are some of the most security-critical consumer devices. On the one hand, owners expect rich infotainment features, including audio, hands-free calls, contact management, or navigation through their connected mobile phone. On the other hand, the infotainment unit exposes exploitable wireless attack surfaces. This talk focuses on protocol-level Bluetooth threats on vehicles, a critical but unexplored wireless attack surface. These threats are crucial because they are portable across vehicles, and they can achieve impactful goals, such as accessing sensitive data or even taking remote control of the vehicle. Their evaluation is novel as prior work focused on other wireless attack surfaces, notably Bluetooth implementation bugs. Among relevant protocol-level threats, we pick the KNOB and BIAS attacks because they provide the most effective strategy to impersonate arbitrary Bluetooth devices and are not yet evaluated against vehicles.
In this talk we will explore recent research on real world wireless security protocols. We will cover standard protocols such as Bluetooth pairing and session establishment and proprietary ones such as IoT application layer protocols used to secure traffic between companion mobile applications and electric scooters and fitness trackers.
Keynote given at ACSW'24 (EuroS&P Workshop) covering Automotive Bluetooth Security and E-Spoofer.