Key Negotiation of Bluetooth attack

Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections.  The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used.

Examples

Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections.  The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used.  In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet.  In addition, the researchers identified that, even in cases where a Bluetooth specification did mandate a minimum key length, Bluetooth products exist in the field that may not currently perform the required step to verify the negotiated encryption key meets the minimum length.  In such cases where an attacking device was successful in setting the encryption key to a shorter length, the attacking device could then initiate a brute force attack and have a higher probability of successfully cracking the key and then be able to monitor or manipulate traffic.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were establishing a BR/EDR connection.  If one of the devices did not have the vulnerability, then the attack would not be successful.  The attacking device would need to intercept, manipulate, and retransmit key length negotiation messages between the two devices while also blocking transmissions from both, all within a narrow time window.  If the attacking device was successful in shortening the encryption key length used, it would then need to execute a brute force attack to crack the encryption key.  In addition, the attacking device would need to repeat the attack each time encryption gets enabled since the encryption key size negotiation takes place each time.

Learn more