Questions & Answers

Am I affected by the vulnerability?

It is very likely that you are either affected or vulnerable to older attacks.

Do both devices have to be vulnerable?

Yes, the attack exploits the vulnerability on both participating devices simultaneously. If any one of them is patched, the attack will not work any more.

What are the implications of the attack?

Every Bluetooth pairing performed by vulnerable devices (the vast majority of the market) in the presence of the attacker could be compromised. An attacker could then eavesdrop on all of the victims' communications, and even send forged requests for information. For example, an attacker can ask a phone for the contacts list, read or send SMSes, dial and talk on a compromised connection, and listen in to all Bluetooth conversations.

What is the difference between Bluetooth and Bluetooth Low Energy (a.k.a. Bluetooth Smart)?

Bluetooth Low Energy, first introduced in 2010, is intended for use by IoT and low-power devices. The original Bluetooth is still widely used by audio peripherals. Although they differ in many aspects, Bluetooth Low Energy is largely inspired by the original Bluetooth. These differences do not affect our attack.

What happens if the attack fails?

On failure, the participating devices cancel the pairing procedure and might notify the user of an authentication failure. The user may try again immediately afterwards. Therefore, if the pairing succeeds, the attack has certainly succeeded.

Can I detect if someone is attacking me?

On success the attack is undetectable by the user. When it fails the user may be notified of authentication failure, yet this behavior is implementation dependent. In any case current devices cannot distinguish between our attack and a normal authentication failure.

Has this attack been applied in the wild?

We are not familiar with any such incident.

What information could be compromised?

Today Bluetooth may carry a large variety of sensitive information:

Bluetooth headsets may receive and transmit audio, such as phone conversations, music, podcasts, etc.

Mobile phones may transmit health information, SMS content, contacts lists, and emails to nearby wearables.

Wireless keyboards transmit keystrokes which may contain sensitive information (including passwords).

IoT devices transmit various kinds of sensitive information, e.g., smart locks transmit a digital key in order to open.

Which platforms are affected by this attack?

As far as we know, every Bluetooth chip manufactured by Intel, Broadcom or Qualcomm is affected. Therefore, almost any device, including smartphones and headsets of all types, is affected. In addition, the Android Bluetooth stack (Bluedroid) is affected when using Bluetooth Smart. Apple has provided patches for both macOS and iOS. The Windows Bluetooth Smart stack did not implement the latest Bluetooth Smart protocol and is therefore still vulnerable to older and simpler attacks.

What is the Invalid Curve Attack?

In order to exchange secret information over a public channel, Bluetooth uses a mathematical structure called an elliptic curve. Due to insufficient validation, an attacker could send an "invalid" point, which does not satisfy the mathematical properties of the elliptic curve. By leveraging this phenomenon, the attacker can compromise the secrets exchanged by the victim.

What is the recommended mitigation for platform developers?

The recommended and most straightforward mitigation is to validate that a given point satisfies the elliptic-curve equation.
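The check described above, as an added sketch in Python (not code from the researchers or from any vendor patch). It assumes the NIST P-256 curve and assumes the peer's key arrives as 64 bytes, X then Y, each little-endian; the function names are hypothetical.

```python
# Added example: validating a received public key against the P-256 curve
# equation y^2 = x^3 - 3x + b (mod p) before using it in key agreement.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Standard base point, used here only as a known-valid sample point.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def on_curve(x, y):
    """Return True only if (x, y) is an affine point on P-256.

    Both coordinates are range-checked and both enter the equation, so a
    point with one altered coordinate is rejected. P-256 has cofactor 1,
    so an on-curve affine point needs no extra subgroup check.
    """
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_key(raw):
    """Decode and validate a 64-byte X||Y key (assumed wire format).

    Raises ValueError so that the caller aborts pairing instead of
    deriving a shared secret from an unvalidated point.
    """
    if len(raw) != 64:
        raise ValueError("public key must be 64 bytes")
    x = int.from_bytes(raw[:32], "little")
    y = int.from_bytes(raw[32:], "little")
    if not on_curve(x, y):
        raise ValueError("peer public key is not on the curve")
    return x, y


def encode_key(x, y):
    """Build the assumed 64-byte wire form; used to construct sample input."""
    return x.to_bytes(32, "little") + y.to_bytes(32, "little")


if __name__ == "__main__":
    print(parse_peer_key(encode_key(GX, GY)) == (GX, GY))  # valid key accepted
    try:
        parse_peer_key(encode_key(GX, GY ^ 1))  # constructed invalid point
    except ValueError as err:
        print("rejected:", err)
```

The validation has to run on every received key, before the shared secret is computed, and a failure should end the pairing attempt.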

What is the recommended mitigation for users?

For users, we can only recommend verifying that at least one of the paired devices has the patched version applied. Just make sure your smartphone is updated with the latest patches. Check with your vendor that both the chip and the operating system are patched (as the chip update fixes traditional Bluetooth connections, while the operating system update fixes Bluetooth LE connections).

How did you discover the problem?

We discovered the problem mainly by exhaustively reading the Bluetooth core specification. After considering the attack we used a programmable Bluetooth dongle in order to test devices for the vulnerability.

Who are you?

The researchers are part of a research team in the Technion in Israel which specializes in security and cryptography. Prof. Eli Biham is an expert in cryptanalysis and cyber security, and has a record of discovering vulnerabilities in widely used ciphers and communication systems (such as GSM cellular phones and car remote controls). He is a professor at the computer science department and serves as the head of the Technion's Hiroshi Fujiwara cyber security research center. Lior Neumann is a graduate student at the Technion, in the computer science department, and specializes in Bluetooth security.