BlueDump is an attack in which an attacker tricks a Bluetooth device into abandoning its stored link key and pairing afresh with the attacker's Bluetooth device. The link key is what a device uses to recognise an already-trusted peer, so an attacker who ends up sharing one with the victim is treated as that trusted peer from then on. To see why this works, we first need to look at how Bluetooth authentication works.
How does Bluetooth authentication work?
To protect the data it carries, Bluetooth includes an authentication mechanism. In classic PIN-based (legacy) pairing, both devices have to be given the same PIN; from it they derive a shared link key, and a challenge-response verification then proves that the other device holds that key before a connection is established.
Here is how the authentication works:
- Let's say device B wants to connect to device A, so device B (the claimant) has to authenticate itself to device A (the verifier).
- Before the first connection, the users of both devices enter a PIN, which can be at most 16 octets long.
- Each device derives a 128-bit key from the entered PIN together with a device address and a random number that is exchanged in the clear (the E22 algorithm); from this the devices establish the 128-bit link key that both will store. Everything in that derivation except the PIN is public, so the PIN is the only secret protecting the link key.
- Device B, which wants to connect to device A, sends its 48-bit device address, the BD_ADDR.
- Device A, which wants to authenticate device B, sends a 128-bit random challenge (AU_RAND) to device B.
- Device B takes its link key, its own BD_ADDR and the random challenge as inputs and computes the authentication response (SRES) using the E1 algorithm.
- Device B sends the computed authentication response to device A.
- Device A, which holds the same link key, feeds the same inputs to the same E1 algorithm and computes the expected authentication response.
- If the response sent by device B matches the expected response computed by device A, device B is successfully authenticated; otherwise the connection is refused.
- If mutual authentication is required, the roles are swapped and device A proves itself to device B in the same way. Both devices then keep the link key and use it to authenticate later connections without the PIN being entered again.
What is the BlueDump attack?
Though authentication normally follows the steps above, a Bluetooth device does not always ask the user for a PIN. For example, a user who wants to script the pairing of two devices can change the settings so that the devices pair without a PIN being entered. Since the PIN is the only secret in the key derivation, a link key created this way offers no assurance about who is on the other end: anyone who observed the pairing can compute it, and a device willing to pair without a PIN will accept whichever peer asks. The BlueDump attack exploits exactly this: once the victim has been induced to discard its existing link key, it pairs again, this time with the attacker's device, and no PIN stands in the way.
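The challenge-response described in the list above, together with the reason the PIN-less pairing mode matters, as an added example in Python (this is not code from the original article). The key derivation and E1 functions here are stand-ins built on SHA-256 and HMAC, not the SAFER+-based E22 and E1 of the specification; only their inputs and outputs follow the description on the page. The device addresses, PINs and the `Device`, `pair` and `authenticate` helpers are constructed for the demonstration. The third scenario shows what the page's point about PIN-less pairing means in practice: with an empty PIN, every input to the link key is public, so whoever watched the pairing can answer the verifier's challenge.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

KEY_LEN = 16   # link keys are 128 bits
SRES_LEN = 4   # E1 produces a 32-bit SRES (its 96-bit ACO output is not modelled)


def derive_link_key(pin: bytes, bd_addr: bytes, in_rand: bytes) -> bytes:
    """Stand-in for the PIN-based key derivation (E22 in the spec).

    Real E22 is SAFER+ based; SHA-256 truncated to 128 bits is used here so the
    example runs anywhere. What matters is the inputs: the PIN (0..16 octets),
    a 48-bit BD_ADDR and a 128-bit random number, both of which travel over the
    air in the clear. The PIN is the only secret.
    """
    if len(pin) > 16:
        raise ValueError("a Bluetooth PIN is at most 16 octets")
    if len(bd_addr) != 6 or len(in_rand) != 16:
        raise ValueError("BD_ADDR is 48 bits and IN_RAND is 128 bits")
    return hashlib.sha256(b"E22" + pin + bd_addr + in_rand).digest()[:KEY_LEN]


def e1_response(link_key: bytes, claimant_bd_addr: bytes, au_rand: bytes) -> bytes:
    """Stand-in for E1: SRES = f(link key, claimant's BD_ADDR, AU_RAND)."""
    mac = hmac.new(link_key, claimant_bd_addr + au_rand, hashlib.sha256).digest()
    return mac[:SRES_LEN]


class Device:
    """Constructed model of a Bluetooth device: an address, a PIN, stored link keys."""

    def __init__(self, bd_addr: bytes, pin: bytes) -> None:
        self.bd_addr = bd_addr
        self.pin = pin                              # b"" models "pair without entering a PIN"
        self.link_keys: Dict[bytes, bytes] = {}     # peer BD_ADDR -> stored link key


def pair(initiator: Device, responder: Device, in_rand: Optional[bytes] = None) -> bytes:
    """Both sides derive a link key from their own copy of the PIN (nothing is verified yet)."""
    in_rand = in_rand or secrets.token_bytes(16)    # sent in the clear by the initiator
    for dev, peer in ((initiator, responder), (responder, initiator)):
        dev.link_keys[peer.bd_addr] = derive_link_key(dev.pin, initiator.bd_addr, in_rand)
    return in_rand   # returned so the eavesdropper scenario can reuse what was on the air


def authenticate(verifier: Device, claimant: Device, au_rand: Optional[bytes] = None) -> bool:
    """The challenge-response from the page: verifier A challenges claimant B."""
    stored = verifier.link_keys.get(claimant.bd_addr)
    if stored is None:
        return False                                # no link key for this BD_ADDR: nothing to check
    au_rand = au_rand or secrets.token_bytes(16)    # A's 128-bit random challenge
    claimant_key = claimant.link_keys.get(verifier.bd_addr, bytes(KEY_LEN))
    sres = e1_response(claimant_key, claimant.bd_addr, au_rand)     # B's answer
    expected = e1_response(stored, claimant.bd_addr, au_rand)       # A's own computation
    return hmac.compare_digest(sres, expected)


# Constructed addresses for the scenarios below (not real devices).
ADDR_A = bytes.fromhex("001122334455")
ADDR_B = bytes.fromhex("66778899aabb")


def scenario_matching_pin() -> bool:
    """Normal case: the same PIN on both sides, B authenticates to A."""
    a, b = Device(ADDR_A, b"1234"), Device(ADDR_B, b"1234")
    pair(b, a)
    return authenticate(a, b)      # True


def scenario_mismatched_pin() -> bool:
    """Different PINs give different link keys, so the SRES values disagree."""
    a, b = Device(ADDR_A, b"1234"), Device(ADDR_B, b"4321")
    pair(b, a)
    return authenticate(a, b)      # False


def scenario_pairing_without_pin() -> bool:
    """Pairing with no PIN: every input to the link key was visible on the air,
    so an eavesdropper (Eve) can compute it and later pass A's challenge as B."""
    a, b = Device(ADDR_A, b""), Device(ADDR_B, b"")
    in_rand = pair(b, a)
    eve = Device(ADDR_B, b"")      # presents B's BD_ADDR, which is public
    eve.link_keys[ADDR_A] = derive_link_key(b"", ADDR_B, in_rand)
    return authenticate(a, eve)    # True: A cannot tell Eve from B
```

The comparison in `authenticate` uses `hmac.compare_digest` so that the 32-bit SRES check does not leak timing information; the real point of the example is the third scenario, where nothing in the model has to be broken for the verifier to accept the wrong device, because with no PIN there was never a secret to begin with.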