Method confusion attack on bluetooth pairing

Maximilian Von Tschirschnitz, Ludwig Peuckert, Fabian Franzen, Jens Grossklags

Publikation: Beitrag in Buch/Bericht/KonferenzbandKonferenzbeitragBegutachtung

22 Zitate (Scopus)

Abstract

Bluetooth provides encryption, authentication, and integrity protection of its connections. These protection mechanisms require that Bluetooth devices initially establish trust on first use through a process called pairing. Throughout this process, multiple alternative pairing methods are supported.In this paper, we describe a design flaw in the pairing mechanism of Bluetooth. This flaw permits two devices to perform pairing using differing methods. While successfully interacting with each other, the devices are not aware of the Method Confusion. We explain how an attacker can cause and abuse this Method Confusion to mount a Method Confusion Attack. In contrast to other attacks targeting the pairing method, our attack applies even in Bluetooth's highest security mode and cannot be mitigated in the protocol. Through the Method Confusion Attack, an adversary can infiltrate the secured connection between the victims and intercept all traffic.Our attack is successful in practically relevant scenarios. We implemented it as an end-to-end Proof of Concept for Bluetooth Low Energy and tested it with off-the-shelf smartphones, a smartwatch and a banking device. Furthermore, we performed a user study where none of the 40 participants noticed the ongoing attack, and 37 (92.5%) of the users completed the pairing process. Finally, we propose changes to the Bluetooth specification that immunize it against our attack.

OriginalspracheEnglisch
TitelProceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021
Herausgeber (Verlag)Institute of Electrical and Electronics Engineers Inc.
Seiten1332-1347
Seitenumfang16
ISBN (elektronisch)9781728189345
DOIs
PublikationsstatusVeröffentlicht - Mai 2021
Veranstaltung42nd IEEE Symposium on Security and Privacy, SP 2021 - Virtual, San Francisco, USA/Vereinigte Staaten
Dauer: 24 Mai 202127 Mai 2021

Publikationsreihe

NameProceedings - IEEE Symposium on Security and Privacy
Band2021-May
ISSN (Print)1081-6011

Konferenz

Konferenz42nd IEEE Symposium on Security and Privacy, SP 2021
Land/GebietUSA/Vereinigte Staaten
OrtVirtual, San Francisco
Zeitraum24/05/2127/05/21

Fingerprint

Untersuchen Sie die Forschungsthemen von „Method confusion attack on bluetooth pairing“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren