Abstract
We point to three types of potential vulnerabilities in the Bluetooth standard, version 1.0B. The first vulnerability opens up the system to an attack in which an adversary under certain circumstances is able to determine the key exchanged by two victim devices, making eavesdropping and impersonation possible. This can be done either by exhaustively searching all possible PINs (but without interacting with the victim devices), or by mounting a so-called middle-person attack. We show that one part of the key exchange protocol — an exponential back-off method employed in case of incorrect PIN usage — adds no security, but in fact benefits an attacker. The second vulnerability makes possible an attack - which we call a location attack — in which an attacker is able to identify and determine the geographic location of victim devices. This, in turn, can be used for industrial espionage, blackmail, and other undesirable activities. The third vulnerability concerns the cipher. We show two attacks on the cipher, and one attack on the use of the cipher. The former two do not pose any practical threat, but the latter is serious. We conclude by exhibiting a range of methods that can be employed to strengthen the protocol and prevent the newly discovered attacks. Our suggested alterations are simple, and are expected to be possible to be implemented without major modifications.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
A. Colden: “Expansion of Wireless Technology Could Bring as Many Problems as Benefits”, The Denver Post, August 14, 2000, http://www.newsalert.com/bin/story?StoryId=CozDUWaicrfaTv0LsruXfu1m
J. Daemen and V. Rijmen, http://csrc.nist.gov/encryption/aes/
J. Dj. Golić: ”Cryptanalysis of Alleged A5 Stream Cipher”, Proceedings of Eurocrypt’ 97, Springer LNCS 1233, 1997, pp. 239–255.
M. Hermelin and K. Nyberg, “Correlation Properties of the Bluetooth Combiner”, Proceedings of ICISC’ 99, Springer LNCS 1787, 1999, pp. 17–29.
The Offcial Bluetooth SIG Website, http://www.bluetooth.com
“RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, Version 4.1”, http://www.rsasecurity.com/rsalabs/faq/
“Specification of the Bluetooth System”, Specification Volume 1, v.1.0B, December 1, 1999. See [10].
“Specification of the Bluetooth System”, Specification Volume 2, v.1.0B, December 1, 1999. See [10].
“Bluetooth FAQ-Security”, http://www.bluetooth.com/bluetoothguide/faq/5.asp, November 15, 2000.
http://www.bluetooth.com/developer/specification/specification.asp
M. Stoll, “Natel-Benü;tzer im Visier der Staatsschützer”, SonntagsZeitung Zürich, December 28, 1997. http://www.sonntagszeitung.ch/1997/sz52/93419.HTM
J.T. Vainio, “Bluetooth Security,” Proceedings of Helsinki University of Technology, Telecommunications Software and Multimedia Laboratory, Seminar on Internetworking: Ad Hoc Networking, Spring 2000, http://www.niksula.cs.hut.fi/~jiitv/bluesec.html
L. Weinstein: “Cell Phones Become Instant Bugs!”, The Risks Digest, Volume 20, Issue 53, August 10, 1999, http://catless.ncl.ac.uk/Risks/20.53.html#subj1.1
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jakobsson, M., Wetzel, S. (2001). Security Weaknesses in Bluetooth. In: Naccache, D. (eds) Topics in Cryptology — CT-RSA 2001. CT-RSA 2001. Lecture Notes in Computer Science, vol 2020. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45353-9_14
Download citation
DOI: https://doi.org/10.1007/3-540-45353-9_14
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41898-6
Online ISBN: 978-3-540-45353-6
eBook Packages: Springer Book Archive