What is the BlueBump attack?
The BlueBump attack is an attack in which an attacker first connects to a victim's Bluetooth device and then exploits that connection to delete the link key of the victim's device. As a result, the attacker retains unlimited access to the device thereafter. Let's try to understand the BlueBump attack in more detail.
What is the link key?
To secure communication, Bluetooth provides authentication. Whenever a Bluetooth device wants to pair with another Bluetooth device, both of them have to enter a PIN. A verification process then starts, and if the other device is successfully authenticated, a connection is established.
How does Bluetooth authentication work?
When device A wants to communicate with device B, both devices enter a PIN. A 128-bit link key is then generated from the entered PIN. Device A then sends a 128-bit random challenge to device B. Device B uses its 48-bit device address (BD_ADDR), the link key, and the random challenge as inputs to the E1 algorithm to compute the response to the challenge, and sends that response to device A. Device A verifies the response. On successful verification, device A establishes a connection to device B.
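The following is an added example, not code from the original article, that simulates the challenge-response exchange just described with both sides' messages. The real E1 function is built on SAFER+; this simulation replaces it with HMAC-SHA256 (an assumption made here purely so the flow is runnable), and the link-key derivation from the PIN is likewise a simplified stand-in. What the example does show faithfully is that the stored link key is the whole basis of trust: a device with no link key on file for a peer must refuse the peer, and an unpaired device cannot answer the challenge.

```python
import hashlib
import hmac
import os

# Added example (not the article's code). E1 is REPLACED by HMAC-SHA256 and the
# PIN-to-link-key step is simplified; only the message flow is faithful.


def derive_link_key(pin: str) -> bytes:
    """Simplified stand-in for deriving the 128-bit link key from the PIN.
    (Assumption: real legacy pairing also mixes in BD_ADDR and a random value.)"""
    return hashlib.sha256(pin.encode()).digest()[:16]


def e1_response(link_key: bytes, bd_addr: bytes, challenge: bytes) -> bytes:
    """Stand-in for E1(link_key, BD_ADDR, AU_RAND): 16-byte key, 6-byte claimant
    address, 16-byte challenge in; a 32-bit SRES out."""
    assert len(link_key) == 16 and len(bd_addr) == 6 and len(challenge) == 16
    mac = hmac.new(link_key, bd_addr + challenge, hashlib.sha256).digest()
    return mac[:4]


class Device:
    def __init__(self, name: str, bd_addr: bytes):
        self.name = name
        self.bd_addr = bd_addr
        self.link_keys = {}  # peer BD_ADDR -> link key (the paired-device store)

    def pair(self, peer: "Device", pin: str) -> None:
        """Both sides enter the same PIN and store the resulting link key."""
        key = derive_link_key(pin)
        self.link_keys[peer.bd_addr] = key
        peer.link_keys[self.bd_addr] = key

    def respond(self, verifier: "Device", challenge: bytes) -> bytes:
        """Claimant side: answer the verifier's random challenge."""
        key = self.link_keys.get(verifier.bd_addr)
        if key is None:
            return b""  # nothing paired with this verifier; cannot answer
        return e1_response(key, self.bd_addr, challenge)

    def authenticate(self, claimant: "Device") -> bool:
        """Verifier side: a missing link key means 'not paired', never 'trusted'."""
        key = self.link_keys.get(claimant.bd_addr)
        if key is None:
            return False
        challenge = os.urandom(16)            # 128-bit AU_RAND
        response = claimant.respond(self, challenge)
        expected = e1_response(key, claimant.bd_addr, challenge)
        return hmac.compare_digest(expected, response)


def scenario() -> dict:
    """Walk through pairing, authentication, an unpaired peer, and key removal.
    BD_ADDR values below are constructed sample addresses."""
    a = Device("A", bytes.fromhex("001122334455"))
    b = Device("B", bytes.fromhex("66778899aabb"))
    c = Device("C", bytes.fromhex("ccddeeff0011"))
    results = {}
    results["before_pairing"] = a.authenticate(b)      # no key on file -> refused
    a.pair(b, "1234")
    results["after_pairing"] = a.authenticate(b)       # shared key -> accepted
    results["unpaired_device"] = a.authenticate(c)     # C never paired -> refused
    # Once A's stored link key for B is gone, the old pairing is void: B still
    # holds the key, but A must require a fresh pairing before trusting B again.
    del a.link_keys[b.bd_addr]
    results["after_key_removal"] = a.authenticate(b)
    return results


if __name__ == "__main__":
    for step, ok in scenario().items():
        print(f"{step:20s} authenticated={ok}")
```

The `authenticate` method deliberately treats "no link key on file" as a hard failure rather than falling back to an unauthenticated connection; that decision is what separates a correct verifier from one that can be talked into trusting a peer whose pairing record has been removed.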
How does the BlueBump attack work?
The BlueBump attack is named after the lock-picking technique of key bumping. The attacker establishes a connection to the victim's device and then exploits that connection to reconnect to the same device at any time, much as a bump key reopens a lock.