Closed ericcornelissen closed 7 years ago
Great summary! Nice work man! I do think that we should move this content to the Drive, because a summary isn't an issue that should be fixed and because the Drive provides a nice structured overview of all documents we have
Made a short summary for a paper on Bluetooth MITM attacks, you can read the whole paper here (pdf).
TL;DR: Bluetooth MITM attacks are possible. Most important threat is through jamming (for newer versions of Bluetooth at least). The main solution the paper proposes is not relevant for our usecase (I think). But the problem caused by the jamming can be solved by users that are aware of the situation, which we can enforce by having them go through a more complicated authentication process.
So if we feel the need to, we should protect against eavesdropping
Older versions (4.x is in most newer divices, the Samsung Galaxy S8 is the first phone with 5.0 source) of bluetooth rely solely on PIN/password. It has been proven to be vulnerable to MITM attacks
Newer Bluetooth versions (2.1, 3.0) use SSP to protect against passive eavesdropping (listening only). SSP uses Elliptic Curve Diffie-Hellman public-key cryptography, which is currently considered safe.
Basicly, SSP provides different levels of security, attacker can force weak version on victem devices.
This is related to the PHY jamming, users may remove existing paired devices and initiate a new pairing process with the attacker. At this point the attacker has full access.
This jamming seems to be the most dangerous one for our usecase (and I think it also applies to the newer versions of Bluetooth, i.e. 4.0 or higher). The main practical solution proposed is enforcing the use of SSP-OOB. OOB (Out Of Bound) basically means authenticating over different channel than standard Bluetooth, which doesn't really apply to our project I think.
Some counter measures are proposed in the paper. Adding a challenge-response type verification isn't one of them though. However I think that adding an additional challenge-response type verification can be helpful. This is because the problem is caused by the victim having to reconnect and possibly reconnecting with the attacker, and having the additional verification should make it less likely the victim actually pairs with the attacker.