Detailed Analysis of the Latest Attack Technique Against the Bluetooth PIN Code - Vulnerability Research

Source: Internet
Author: User
Tags: kinit

Note: This article describes the latest attack technique against the Bluetooth PIN solely to remind everyone to guard against it, and for no other purpose. No one may use the techniques described in this article for anything illegal.

Recently, a number of websites at home and abroad have published news about the latest attack technique against the Bluetooth PIN: by forcing two Bluetooth devices to pair and listening to the pairing messages, an attacker can crack a 4-digit (decimal) PIN in 0.063 seconds. The World Wireless Technology Conference held in early June this year also discussed the attack approach in detail, and SecurityFocus even said: "This new attack technique has shocked many information security experts who focus on wireless technology, because previous research on attacking the Bluetooth PIN was only concerned with incorrect Bluetooth configurations or specific environments; this is the first comprehensive description of an attack on Bluetooth technology." We have followed and discussed this attack technique together with WDA, and set down the details below in the hope of discussing them with other Bluetooth technology enthusiasts.

I. Overview

Bluetooth is a protocol for short-range wireless connections between devices, and it is widely used in wireless equipment, image processing, security products, consumer entertainment, automotive products, household appliances and so on. As a wireless technology, Bluetooth provides security mechanisms such as key management, authentication and confidentiality. However, in the past few years a number of attacks against Bluetooth have been proposed, including information leakage, data theft and impersonation attacks. The security problems of Bluetooth technology are mainly the following:

1. The security of the entire Bluetooth system depends on the confidentiality of the PIN code. Because of low security awareness, users usually choose relatively short PINs, which significantly increases the likelihood that the PIN code is cracked.

2. The cryptographic algorithms used in the Bluetooth protocol were invented by the Bluetooth designers themselves, and they are relatively simple. From the point of view of cryptanalysis, a mature cipher algorithm has to stand up to long-term practice; for lack of such testing, a new cipher algorithm may conceal defects.

3. Bluetooth is intended for short-range communication within 10 meters, so it may seem difficult for an attacker to get close to the target. But imagine a pedestrian street or a traffic jam: an attacker with a Bluetooth-enabled device can scan for Bluetooth communications within a 10-meter perimeter. Moreover, the latest IEEE 802.11 standard has made it cheaper to extend the range of Bluetooth communication.

4. As Bluetooth technology becomes more and more popular, especially since Bluetooth software can be installed on PDAs and laptop computers, the information stored on PDAs and laptops is becoming more and more interesting to hackers.

II. Introduction to the Terminology

Pairing: the process by which two Bluetooth devices confirm each other's identity when they first communicate. Once two Bluetooth devices are paired, subsequent connections do not have to be confirmed every time, which is very convenient.

PIN (Personal Identification Number): Bluetooth uses a PIN of 1-8 decimal digits (8-128 bits).

BD_ADDR: Bluetooth device address. Each Bluetooth transceiver is assigned a unique 48-bit device address, similar to the MAC address of a PC's network card. Two Bluetooth devices obtain each other's BD_ADDR at the start of communication by means of an inquiry.

III. Bluetooth Pairing and Authentication Process

Bluetooth supports three security modes. The first is the "non-secure" mode, in which the device takes no security measures at all. The second is "service-level security", in which no security procedure is started before the channel is established. The third is "link-level security", which requires the device to start the security procedure before the link is established. Of these, "link-level security" is the highest level, and the attack technique discussed in this article targets this level.

1. Pairing and Authentication

Bluetooth communication initialization takes three steps: generating an initial key (Kinit), generating a link key (Kab), and mutual authentication of the two parties. After that, an encryption key is used to protect subsequent traffic. Before pairing, the PIN has to be entered into the Bluetooth device in advance, and in some devices (such as a wireless headset) the PIN is fixed and cannot be changed. Note that the PINs on both sides must match, or the devices cannot communicate. Below we discuss the details of pairing and mutual authentication.

(1) Generating the initial key (Kinit)

The initial key Kinit is 128 bits long and is produced by the E22 algorithm; Figure 1 describes the process of generating Kinit. The device that first requests communication is called the master and is denoted A; the device that passively accepts the communication is called the slave and is denoted B. As the figure shows, the input (plaintext) of the E22 algorithm consists of the following three parts:

1) The physical address of the slave device, BD_ADDR. Before generating Kinit, the master obtains the slave's BD_ADDR by means of an inquiry.

2) The PIN code and its length. The PIN is pre-set on the devices of both sides.

3) A 128-bit random number (IN_RAND), generated by the master and transmitted in clear text to the slave.

Because the master and the slave use the same E22 algorithm, if the values of the three parts above are equal on both devices, the Kinit each computes will be the same.
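As an added illustration (not code from the original article) of the Kinit step just described and of point 1 of the overview, the following Python model derives Kinit on both sides from BD_ADDR, the PIN with its length and IN_RAND, and then shows that, since the other two inputs travel in clear text, the confidentiality of a short decimal PIN is all that protects the result. Assumptions: a keyed SHA-256 stands in for the SAFER+-based E22, the challenge-response step is a simplified stand-in rather than the specification's E1, and all sample values are constructed.

```python
import hashlib
import hmac
from itertools import product


def e22_model(bd_addr: bytes, pin: bytes, in_rand: bytes) -> bytes:
    """Derive a 128-bit Kinit from BD_ADDR, the PIN (with its length) and IN_RAND.
    Assumption: a keyed SHA-256 stands in for the SAFER+-based E22; it models
    the inputs and the 128-bit output of E22, not its internals."""
    if not 1 <= len(pin) <= 16:
        raise ValueError("PIN must be 1..16 bytes (8-128 bits)")
    if len(bd_addr) != 6 or len(in_rand) != 16:
        raise ValueError("BD_ADDR is 48 bits, IN_RAND is 128 bits")
    msg = bd_addr + in_rand + bytes([len(pin)]) + pin  # PIN length is an input too
    return hmac.new(b"E22-model", msg, hashlib.sha256).digest()[:16]


def challenge_response(kinit: bytes, au_rand: bytes) -> bytes:
    """Simplified stand-in (assumption) for the authentication response: a 32-bit
    value that only a holder of Kinit can produce for the challenge AU_RAND."""
    return hmac.new(kinit, au_rand, hashlib.sha256).digest()[:4]


def pairing_transcript(bd_addr_b, pin_a, pin_b, in_rand, au_rand):
    """Master A and slave B derive Kinit independently. The returned transcript is
    what an eavesdropper sees: BD_ADDR, IN_RAND, AU_RAND and the response."""
    kinit_a = e22_model(bd_addr_b, pin_a, in_rand)
    kinit_b = e22_model(bd_addr_b, pin_b, in_rand)
    transcript = {"bd_addr": bd_addr_b, "in_rand": in_rand, "au_rand": au_rand,
                  "sres": challenge_response(kinit_b, au_rand)}
    return kinit_a == kinit_b, transcript


def pin_search_space(num_digits: int) -> int:
    """Candidates that must be exhausted for a decimal PIN of this length."""
    return 10 ** num_digits


def recover_pin(transcript, num_digits):
    """Why the PIN is the whole secret: every other E22 input is public, so each
    PIN guess can be checked offline against the recorded response."""
    for digits in product("0123456789", repeat=num_digits):
        pin = "".join(digits).encode()
        kinit = e22_model(transcript["bd_addr"], pin, transcript["in_rand"])
        if challenge_response(kinit, transcript["au_rand"]) == transcript["sres"]:
            return pin.decode()
    return None


if __name__ == "__main__":
    # Constructed sample values, not captured from any real device.
    bd_addr_b, in_rand, au_rand = bytes.fromhex("001122334455"), bytes(range(16)), bytes(range(16, 32))
    agree, transcript = pairing_transcript(bd_addr_b, b"1234", b"1234", in_rand, au_rand)
    print("Kinit agrees:", agree, "| 4-digit PIN space:", pin_search_space(4))
    print("PIN recovered from transcript:", recover_pin(transcript, 4))
```

A mismatched PIN on either side makes the two Kinit values differ, which is the matching requirement stated above; a 16-byte PIN would make the same exhaustive check infeasible.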

Figure 2
