bluetooth smart: the good, the bad, the ugly and the fix · 2013-08-05 · mike ryan bluetooth...
![Page 1: Bluetooth Smart: The Good, The Bad, The Ugly and The Fix · 2013-08-05 · Mike Ryan Bluetooth Smart / Bluetooth LE BlackHat USA, August 2013 3 Why Bluetooth Smart? (2) ⇀ 186% YoY](https://reader034.vdocuments.us/reader034/viewer/2022042417/5f32ed2edde18c66c847efd3/html5/thumbnails/1.jpg)
Mike Ryan Bluetooth Smart / Bluetooth LE BlackHat USA, August 2013
Bluetooth Smart: The Good, The Bad, The Ugly... and The Fix
Mike Ryan, iSEC Partners
Black Hat USA, Aug 01, 2013
Why Bluetooth Smart?
⇀ Because it's appearing EVERYWHERE
Why Bluetooth Smart? (2)
⇀ 186% YoY Growth for H1 2013 [1]
⇀ “over 7 million Bluetooth Smart ICs were estimated to have shipped for use in sports and fitness devices in the first half of 2013 alone”
⇀ “Analysts Forecast Bluetooth Smart to Lead Market Share in Wireless Medical and Fitness Devices” [2]
[1] http://www.bluetooth.com/Pages/Press-Releases-Detail.aspx?ItemID=170
[2] http://www.bluetooth.com/Pages/Press-Releases-Detail.aspx?ItemID=165
The Good
Bluetooth Smart
What is Bluetooth Smart?
⇀ New modulation and link layer for low-power devices
⇀ vs classic Bluetooth
⇁ Incompatible with classic Bluetooth devices
⇁ PHY and link layer almost completely different
⇁ High-level protocols the same (L2CAP, ATT)
⇀ Introduced in Bluetooth 4.0 (2010)
⇀ AKA Bluetooth Low Energy / BTLE
Protocol Stack
GATT
ATT
L2CAP
Link Layer
PHY
PHY Layer
⇀ GFSK, +/- 250 kHz, 1 Mbit/sec
⇀ 40 channels in 2.4 GHz
⇀ Hopping
Hopping
⇀ Hop along 37 data channels
⇀ One data packet per channel
⇀ Next channel = (channel + hop increment) mod 37
hop increment = 7: 3 → 10 → 17 → 24 → 31 → 1 → 8 → 15 → …
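The channel-selection rule above, as an added example that is not from the talk or the Ubertooth code: it reproduces the slide's hop-increment-7 sequence and also applies the channel-map remapping step of the Bluetooth 4.0 core spec, which the slide leaves out because it assumes all 37 data channels are in use. The channel map with channels 0..9 unused is a constructed value.

```python
# Added example, not from the talk: BLE 4.x data-channel selection.
# The slide's rule is next = (channel + hop_increment) mod 37; the core spec
# adds one step when the chosen channel is marked unused in the channel map.
from typing import List

NUM_DATA_CHANNELS = 37            # data channels 0..36 (37-39 advertise)
ALL_CHANNELS = (1 << NUM_DATA_CHANNELS) - 1


def hop_sequence(channel: int, hop_increment: int, count: int,
                 channel_map: int = ALL_CHANNELS) -> List[int]:
    """Return the next `count` data channels of a connection.

    channel:       unmapped channel of the current connection event
    hop_increment: 5..16, sent in CONNECT_REQ (a sniffer needs this value,
                   plus the hop interval, to follow the connection)
    channel_map:   37-bit mask; bit n set means channel n is in use
    """
    if not 5 <= hop_increment <= 16:
        raise ValueError("hop increment must be in 5..16")
    used = [ch for ch in range(NUM_DATA_CHANNELS) if channel_map >> ch & 1]
    if not used:
        raise ValueError("channel map marks no channel as used")
    seq = []
    for _ in range(count):
        channel = (channel + hop_increment) % NUM_DATA_CHANNELS
        if channel_map >> channel & 1:
            seq.append(channel)                    # slide's unmapped case
        else:
            # Remapping: index into the ascending list of used channels
            seq.append(used[channel % len(used)])
    return seq


if __name__ == "__main__":
    # Slide's example: 3 -> 10 -> 17 -> 24 -> 31 -> 1 -> 8 -> 15, increment 7
    print(hop_sequence(3, 7, 7))
    # Constructed channel map with channels 0..9 marked unused
    print(hop_sequence(31, 7, 3, ALL_CHANNELS & ~0x3FF))
```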
Link Layer
● Min of 2 bytes due to 2 byte header
● LLID: Control vs Data
● Length
L2CAP: A Few Octets of Bloat
ATT/GATT
⇀ Services: groups of characteristics
⇀ Characteristics
⇁ Operations
⇀ Everything identified by UUID
⇁ 128 bit
⇁ Sometimes shortened to 16 bits
Example GATT Service: Heart Rate
⇀ Service: 0x180D
⇀ Characteristic 1: 0x2A37 – Heart Rate
⇁ Can't read or write
⇁ Notify: subscribe to updates
⇀ Characteristic 2: 0x2A38 – Sensor Location
⇁ Readable: 8 bit int, standardized list
⇀ Other characteristics: 0x2803, 0x2902, ...
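The two characteristics above, decoded as an added example (not from the talk) the way a dissector fed by the sniffing pipeline would decode them: the value layouts follow the public Heart Rate Service specification, and the sample bytes are constructed, not captured traffic.

```python
# Added example, not from the talk: decode the two Heart Rate characteristics
# listed on the slide, the way a Wireshark-style dissector would. Field
# layouts follow the public Heart Rate Service spec; fields are little-endian.
import struct
from dataclasses import dataclass, field
from typing import List, Optional

HEART_RATE_MEASUREMENT_UUID = 0x2A37   # notify only
BODY_SENSOR_LOCATION_UUID = 0x2A38     # readable, one octet
SENSOR_LOCATIONS = {0: "Other", 1: "Chest", 2: "Wrist", 3: "Finger",
                    4: "Hand", 5: "Ear Lobe", 6: "Foot"}


@dataclass
class HeartRateMeasurement:
    bpm: int
    sensor_contact: Optional[bool]      # None if contact detection is unsupported
    energy_expended_kj: Optional[int]   # None when the field is absent
    rr_intervals_s: List[float] = field(default_factory=list)


def parse_heart_rate_measurement(value: bytes) -> HeartRateMeasurement:
    """Decode one 0x2A37 notification value.

    Flags octet: bit 0 = 16-bit heart rate, bits 1-2 = sensor contact status,
    bit 3 = energy expended present, bit 4 = RR-intervals present.
    """
    if len(value) < 2:
        raise ValueError("need at least a flags octet and a heart rate octet")
    flags, pos = value[0], 1
    if flags & 0x01:
        if len(value) < pos + 2:
            raise ValueError("truncated 16-bit heart rate value")
        bpm = struct.unpack_from("<H", value, pos)[0]
        pos += 2
    else:
        bpm, pos = value[pos], pos + 1
    contact = (flags >> 1) & 0x03       # 0/1: unsupported, 2: no contact, 3: contact
    sensor_contact = None if contact < 2 else contact == 3
    energy = None
    if flags & 0x08:
        if len(value) < pos + 2:
            raise ValueError("truncated energy expended field")
        energy = struct.unpack_from("<H", value, pos)[0]
        pos += 2
    rr: List[float] = []
    if flags & 0x10:
        if pos == len(value) or (len(value) - pos) % 2:
            raise ValueError("RR-interval data must be one or more uint16 values")
        rr = [raw / 1024.0 for (raw,) in struct.iter_unpack("<H", value[pos:])]
    return HeartRateMeasurement(bpm, sensor_contact, energy, rr)


def parse_body_sensor_location(value: bytes) -> str:
    """Decode a 0x2A38 read response: one octet from the standardized list."""
    if len(value) != 1:
        raise ValueError("body sensor location is exactly one octet")
    return SENSOR_LOCATIONS.get(value[0], f"Reserved (0x{value[0]:02x})")


# Constructed sample (not captured traffic): flags 0x1E = 8-bit HR, contact
# detected, energy expended present, two RR-intervals present.
SAMPLE_MEASUREMENT = bytes.fromhex("1e48" "2301" "0004" "0003")
```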
Recap
GATT
ATT
L2CAP
Link Layer
PHY
How do we sniff it?
Start at the bottom and work our way up:
GATT, ATT, L2CAP → PC
Link Layer, PHY → Ubertooth
Ubertooth Block Diagram
CC2591 RF Amp → CC2400 Radio → LPC175x ARM MCU → USB
RF → Bits → Packets
PHY layer: RF ↔ Bits
Link layer: Bits ↔ Packets
Capturing Packets
⇀ Configure CC2400
⇁ Set modulation parameters to match Bluetooth Smart
⇁ Tune to proper channel
⇀ Follow connections according to hop pattern
⇁ Hop increment and hop interval, sniffed from connect packet or recovered in promiscuous mode
⇀ Hand off bits to ARM MCU
Link Layer
What we have: Sea of bits
What we want: Start of PDU
What we know: AA
100011101111010101011001110000010001100111100100110100011101
CC2400 does this FO FREE
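The sync step on this slide and the header fields from the earlier Link Layer slide, together with the L2CAP and ATT layers above them, as one added example that is not from the talk or from the Ubertooth/libbtbb code. It assumes the bit stream has already been de-whitened and arrives in air order (LSB first per octet); the access address, ATT handle and sample frame are constructed values, and the CRC is omitted.

```python
# Added example, not from the talk or Ubertooth: software steps after the radio.
# Input is a de-whitened bit stream (assumption) in air order, LSB first per
# octet. Correlate on the 32-bit access address (AA) to find the PDU start,
# then dissect the 2-octet LL header, the L2CAP header and the ATT opcode.
import struct
from typing import Any, Dict

LLID_NAMES = {0b01: "Data (continuation/empty)",
              0b10: "Data (start/complete)", 0b11: "Control"}
ATT_OPCODES = {0x0A: "Read Request", 0x0B: "Read Response",
               0x12: "Write Request", 0x13: "Write Response",
               0x1B: "Handle Value Notification"}
L2CAP_CID_ATT = 0x0004


def bytes_to_bits(data: bytes) -> str:
    """Air order: each octet least-significant bit first."""
    return "".join(format(b, "08b")[::-1] for b in data)


def bits_to_bytes(bits: str) -> bytes:
    whole = len(bits) - len(bits) % 8         # drop a trailing partial octet
    return bytes(int(bits[i:i + 8][::-1], 2) for i in range(0, whole, 8))


def find_pdu_start(bitstream: str, access_address: int) -> int:
    """Index of the first header bit. The CC2400 does this correlation in
    hardware; in software it is a substring search for the AA bit pattern."""
    pattern = bytes_to_bits(access_address.to_bytes(4, "little"))
    idx = bitstream.find(pattern)
    if idx < 0:
        raise ValueError("access address not found in bit stream")
    return idx + len(pattern)


def dissect_data_pdu(bitstream: str, access_address: int) -> Dict[str, Any]:
    start = find_pdu_start(bitstream, access_address)
    octets = bits_to_bytes(bitstream[start:])
    if len(octets) < 2:
        raise ValueError("PDU shorter than its 2-octet header")
    hdr0, length = octets[0], octets[1] & 0x1F   # 5-bit length in 4.0/4.1
    payload = octets[2:2 + length]
    if len(payload) < length:
        raise ValueError("truncated payload")
    out: Dict[str, Any] = {"llid": LLID_NAMES.get(hdr0 & 0x03, "Reserved"),
                           "nesn": hdr0 >> 2 & 1, "sn": hdr0 >> 3 & 1,
                           "md": hdr0 >> 4 & 1, "length": length}
    if (hdr0 & 0x03) == 0b10 and length >= 4:    # start of an L2CAP message
        l2_len, cid = struct.unpack_from("<HH", payload)
        out["l2cap"] = {"length": l2_len, "cid": cid}   # the "octets of bloat"
        att = payload[4:4 + l2_len]
        if cid == L2CAP_CID_ATT and att:
            out["att"] = {"opcode": ATT_OPCODES.get(att[0], f"0x{att[0]:02x}")}
            if att[0] == 0x1B and len(att) >= 3:      # handle + value follow
                out["att"]["handle"] = struct.unpack_from("<H", att, 1)[0]
                out["att"]["value"] = att[3:]
    return out


# Constructed frame (not a capture): 4 noise bits, preamble 0xAA, AA, LL header
# (LLID 2, NESN 1, length 9), L2CAP (length 5, CID 4), ATT notification for
# handle 0x000E carrying a 2-octet value. CRC omitted.
SAMPLE_ACCESS_ADDRESS = 0x5A2E3C71
SAMPLE_PDU = bytes.fromhex("0609" "05000400" "1b0e00" "0048")
SAMPLE_BITSTREAM = ("1101" + bytes_to_bits(
    b"\xaa" + SAMPLE_ACCESS_ADDRESS.to_bytes(4, "little") + SAMPLE_PDU) + "0110")

if __name__ == "__main__":
    print(dissect_data_pdu(SAMPLE_BITSTREAM, SAMPLE_ACCESS_ADDRESS))
```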
PHY Layer.. Link Layer..
We converted RF to packets. Now what?
Capturing Packets... To PCAP!
⇀ ubertooth-btle speaks packets
⇀ libpcap → dump raw packet data
⇀ PPI header (similar to airodump-ng and kismet)
⇀ We have a DLT for Bluetooth Smart
⇁ Unique identifier for the protocol
⇁ Public release of Wireshark plugin Coming Soon™
Wireshark Awesomeness
Encryption
⇀ Provided by link layer
⇀ Encrypts and MACs PDU
⇀ AES-CCM
The Bad
Key Exchange
Custom Key Exchange Protocol
⇀ Three stage process
⇀ 3 pairing methods
⇁ Just Works™
⇁ 6-digit PIN
⇁ OOB
⇀ “None of the pairing methods provide protection against a passive eavesdropper” - Bluetooth Core Spec
Cracking the TK
confirm = AES(TK, AES(TK, rand XOR p1) XOR p2)
GREEN = we have it, RED = we want it
TK: integer between 0 and 999,999
Just Works™: always 0!
Cracking the TK – With crackle
Total time to crack: < 1 second
And That's It
⇀ TK → STK
⇀ STK → LTK
⇀ LTK → Session keys
KEY EXCHANGE = BR0KEN
100% PASSIVE
The Ugly
LTK Reuse
LTK Reuse
⇀ Good for security: pair in a faraday cage
⇀ Counter-mitigation: Active attack to force re-pairing
Decrypting
⇀ Assumption: Attacker has LTK – reused!
⇀ Procedure
⇁ Attacker passively capturing packets
⇁ Connection established
⇁ Session information captured
Decrypting – With crackle
⇀ Yes, crackle does that too!
⇀ crackle will decrypt
⇁ a PCAP file with a pairing setup
⇁ a PCAP file with an encrypted session, given an LTK
The Ugly: Recap
⇀ Key exchange broken
⇀ LTK reuse means all communication is effectively compromised
⇀ 99% passive
⇁ Worst case scenario: one active attack with off-the-shelf hardware
The Fix
Secure Simple Pairing
My Qualifications
⇀ Infosec Researcher
⇀ Infosec Consultant
⇀ Occasional programmer
⇀ Husband
⇀ Able to grill a mean steak
NOT LISTED: Cryptographer
Shameless Plug: iSEC Partners
Why Secure Simple Pairing?
⇀ Eavesdropping protection: ECDH
⇀ In production since 2007, only one weakness
⇀ Downside: ECDH is expensive
⇁ secp192r1: ~5 seconds on 8-bit CPU
⇁ No open source implementation (until now)
The Five Phases of SSP
1. Public key exchange
2. Authentication Stage 1
3. Authentication Stage 2
4. Link Key Calculation
5. LMP Authentication and Encryption
SSP in Bluetooth Smart
1. Public key exchange
2. Authentication Stage 1: Numeric comparison only
3. Authentication Stage 2
4. Link Key Calculation
5. LMP Authentication and Encryption
Backward Compatibility
⇀ OOB not broken
⇀ Use calculated link key as 128-bit OOB data
⇀ Most chips have support
Demo
⇀ D
⇁ e
● m
– o
Am I Affected?
⇀ Probably
⇀ Exception: Some vendors implement their own security on top of GATT
⇁ Did they talk to a cryptographer?
Summary
⇀ The Good: Bluetooth Smart
⇀ The Bad: Key Exchange
⇀ The Ugly: LTK Reuse
⇀ The Fix: SSP
Capabilities
⇀ Ubertooth
⇁ Passively intercept Bluetooth Smart
⇁ Promiscuous mode and injection (not discussed)
⇀ Wireshark plugins
⇀ crackle
⇁ Crack TK's sniffed with Ubertooth
⇁ Decrypt PCAP files with LTK
⇀ nano-ecc: 8-bit ECDH implementation
Software
⇀ Ubertooth and libbtbb
⇁ http://ubertooth.sourceforge.net/
⇀ nano-ecc (8-bit ECDH and ECDSA)
⇁ https://github.com/iSECPartners/nano-ecc
⇀ crackle
⇁ http://lacklustre.net/projects/crackle/
Thanks
Mike Ossmann
Dominic Spill
Mike Kershaw (dragorn)
#ubertooth on freenode
bluez
Bluetooth SIG
Black Hat
iSEC Partners
Thank You
Mike Ryan, iSEC Partners
@mpeg4codec
http://lacklustre.net/
Feedback
Please scan badge when leaving
Thanks again!