BLUETOOTH WEAKNESSES

ENCRYPTION

The Bluetooth specification does not require encryption: some manufacturers produce devices without encryption, or the encryption mode is deactivated by the factory setting. Bluetooth encryption uses the E0 algorithm, a typical stream cipher. The plaintext is encrypted by XOR: plaintext XOR keystream. A cyclic redundancy check (CRC) checksum is added to every data packet to detect transmission errors. The whole Bluetooth packet is encrypted except the header. Because E0 is XOR encryption, it is weak against known-plaintext attacks. If an attacker knows that a Bluetooth device is transmitting TCP packets, he can guess the TCP header. XORing the guessed TCP header with the encrypted Bluetooth packet (without its header) yields part of the keystream. This gives the attacker a part of the key: the effective key length is reduced from 128 bit to 84 bit, which makes the algorithm vulnerable to brute-force attacks. A brute-force attack is an attack that tries every possible key to decrypt the ciphertext into the plaintext.
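The known-plaintext property described above, as an added example that is not part of this paper: a toy XOR stream cipher shows that a guessed header reveals exactly the keystream bytes covering that header, and nothing more. The keystream generator (SHA-256 in counter mode), key and packet contents are constructed stand-ins; E0 itself is not implemented.

```python
import hashlib


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode. A constructed stand-in for E0,
    not the Bluetooth cipher; only the XOR property is modelled."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_payload(key: bytes, payload: bytes) -> bytes:
    """Stream-cipher encryption of the packet payload (the Bluetooth
    packet header is sent in clear and is not part of the payload)."""
    return xor_bytes(payload, keystream(key, len(payload)))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext step: if the first len(known_plaintext) payload bytes
    are predictable (e.g. an upper-layer header), XORing them with the
    ciphertext yields the keystream for exactly those positions. Keystream
    bytes beyond the known prefix are not revealed by this step."""
    return xor_bytes(ciphertext[: len(known_plaintext)], known_plaintext)


# Constructed sample values: a 128-bit key, a 20-byte predictable header
# prefix and an application body. None of these come from a real capture.
SAMPLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
PREDICTABLE_HEADER = b"\x45\x00" + b"\x00" * 18
PACKET = PREDICTABLE_HEADER + b"confidential application data"


def demo():
    """Returns (prefix recovered exactly?, number of keystream bits leaked)."""
    ct = encrypt_payload(SAMPLE_KEY, PACKET)
    leaked = recover_keystream(ct, PREDICTABLE_HEADER)
    # Leaked bits = 8 x known prefix length; this is the quantity that
    # shrinks the remaining key search space the text refers to.
    return leaked == keystream(SAMPLE_KEY, len(PREDICTABLE_HEADER)), len(leaked) * 8
```

Swapping the toy generator for any other XOR stream cipher does not change the outcome: the leak is a property of XOR encryption with predictable plaintext, which is why unpredictable headers or an encryption mode that does not expose raw keystream are the defensive concern.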

RANDOM NUMBER GENERATOR

A random number generator is used for the challenge-response authentication. The generation of random numbers is very important for the security of the Bluetooth protocol. The random number generator uses the state of the system memory to generate random numbers, and its output is used to derive the random values needed for encryption. There is no specification for the random number generator, nor for how to implement one. If cheap generators are used, the numbers they produce are not really random. An attacker can guess these numbers and thereby calculate the connection key.

UNIT KEY

The unit key can be used several times, but is normally used once. The Bluetooth standard does not specify where the unit key is stored. In some devices the key is stored in places that an attacker can read. If the unit key is sniffed, the attacker can use it as his own and impersonate a master. Secondly, the attacker can eavesdrop on the communication if he guesses the link key, which is generated from the unit key.

KEY LENGTH

At the beginning of the connection, the length of the communication key is negotiated. The Bluetooth encryption key can be up to 128 bit long; the shortest length is 8 bit. The user cannot control the key length. If one device only supports an 8-bit key, all communication will run with 8-bit encryption. During the negotiation, which runs unencrypted, an attacker can force the other communication partners to use the short 8-bit key. Such a short key can later be guessed easily with a brute-force attack.

PIN CODE

To establish communication, the same PIN code must be entered in both communicating Bluetooth devices. The PIN code is used to calculate the link key and the session key. Often the PIN code is only 4 digits long. This makes brute forcing of the key possible because of the few combinations (10^4 = 10,000 possibilities). Many PIN codes in Bluetooth devices are set by default to "0000". Some devices without a keypad (such as headsets) cannot change the PIN code at all, hence the link key can be guessed.

DRIVER EXPLOITS

Many Bluetooth communication adapters for PCs use the Windows driver from the Widcomm company. The software offers many important Bluetooth profiles (for example, the Basic Printing Profile (BPP) allows devices to send text, e-mails, vCards, or other items to printers, and the File Transfer Profile (FTP) provides access to the file system on another device). It is possible for an attacker to trigger a buffer overflow in the driver and run his code with the permissions of the current user. Widcomm driver versions 1.3.2.7 and 1.4.2.10 (Windows XP and Windows 98) and version 1.4.1.03 for Windows CE 3.0 are affected. It would be possible to write a worm that spreads between Windows PCs and PDAs.