Bluetooth KNOB Attacks

In this talk we will explore recent research on real world wireless security protocols. We will cover standard protocols such as Bluetooth pairing and session establishment and proprietary ones such as IoT application layer protocols used to secure traffic between companion mobile applications and electric scooters and fitness trackers.

Keynote given at ACSW'24 (EuroS&P Workshop) covering Automotive Bluetooth Security and E-Spoofer.

In this lecture we cover an Introduction about Bluetooth security, its main transports (BC, BLE), procedures (discovery, connect) and logical entities (Host, Controller, HCI). Then we look at Bluetooth security architecture and the specific BC/BLE algorithms and protocols. We conclude by talking about state of the art attacks that we developed against this protocols including KNOB, BIAS, and BLUR.

This talk covers our recent research on the (in)securities of proprietary and standard wireless security protocols used daily by millions of devices and users. In particular, I will cover the BLUR attacks on Bluetooth, a novel class of threats capable of exploiting Bluetooth Classic from Bluetooth Low Energy and vice versa. Then, I will report on our security evaluation of protocol-level Bluetooth threats on vehicles (i.e., cars), a currently unexplored by impactful attack surface. Next, I will shift to proprietary wireless protocols and describe our security assessments of Xiaomi and Fitbit fitness trackers’ proprietary protocols. Finally, I will conclude by covering our latest work on custom Xiaomi e-scooters’ wireless protocols.

Bluetooth is a ubiquitous technology for low power wireless communications. Bluetooth runs on billions of devices including mobile, wearables, home automation, smart speakers, headsets, industrial and medical appliances, and vehicles. As a result, Bluetooth’s attack surface is huge and includes significant threats such as identity thefts, privacy violations, and malicious device control. Bluetooth is a complex technology specified in an open standard. The standard defines two wireless stacks Bluetooth Classic for high throughput services (e.g., audio and voice) and Bluetooth Low Energy (BLE) for very low power services (e.g., localization, and monitoring). The standard defines security mechanisms to protect the confidentiality, integrity, and authenticity of Bluetooth communications. Those mechanisms include pairing to share a long term key among two devices, and secure session establishment to let two paired devices negotiate session keys to protect their communication. A single vulnerability in a standard-compliant security mechanism translates into billions of exploitable devices. This talk reviews several standard-compliant vulnerabilities that we recently uncovered on the key negotiation and authentication mechanisms of Bluetooth Classic and BLE. We also describe how to exploit such vulnerabilities to perform key negotiation attacks on Bluetooth Classic and BLE (KNOB attacks, CVE-2019-9506) and impersonation attacks on Bluetooth Classic (BIAS attacks, CVE-2020-10135). The attacks are presented together with a detailed description of the Bluetooth treat model and the affected security mechanism. We also explain how we implemented such attacks using low-cost hardware and open-source software and how we evaluated them on actual devices from the major vendors including Apple, Broadcom, Cypress, CSR, Google, Intel, Microsoft, and Qualcomm. Finally, we describe how the Bluetooth standard was amended after the disclosure of our attacks, our proposed countermeasures, and why most of the Bluetooth devices are still vulnerable to our attacks.