bluetooth [in]security

Bluetooth [in]securitySecurity Center of Excellence

#whoami

Jiggyasu Sharma

• A secuirty N00b• I hack for bread and b33r• I write [crape]• I shoot [by camera]

Agenda

• To discus whatever we all know

Bluetooth

• Bluetooth is a wireless technology standard for exchanging data over short distances (using short-wavelength UHF radio waves in the ISM band from 2.4 to 2.485 GHz) from fixed and mobile devices, and building personal area networks (PANs). (wiki)

History

• Named on 10th century king Herald Bluetooth• Proposed by Jim Kardach• In 1997• A system which communicate b/w phone and comp• BSIG

Capability

• Wireless• Short Range• Less energy• Cheap• Personal• Easy• Multipoint• Frequency hopping• [in]secure

Where is being used

• Phone/Computer/Camera/Speaker• Watch/Fitness Band/Car/door locks• Cooker/coffee machine/trimer/dryer• Medical devices : ventilator/blood glucose monitor• Payment solution• 7 Million Devices

Types

• Classic (since 1997)• V-1• V-2• V-3

• Smart (since 2010)• V-4.0• V-4.1• V-4.2

Difference

• Both can not communicate to each other• PHY and DLL are completely difference• High level protocol reuse [L2CAP…]

Bluetooth Low Energy

Protocol Stack

PHY Layer

• FSK, +/- 250 kHz, 1 Mbit/sec• 40 channels in 2.4 GHz• Hopping

PHY Channels

• 40 channels • 0-39• Advertising – 3• Data -37

Hoping

• Hope along 37 data channels• One data packet per channel• Next channel = (channel + hop increment) mod 37

• 3 → 10 → 17 → 24 → 31 → 1 → 8 → 15 → …• hop increment = 7

Link Layer

How to sniff

• Its Hard (actually)

Ubertooth

• Open source h/w• Bluetooth sniffer• Ubertooth One• Cheapest in existing solutions

Block diagram

Capturing Packates

• Configure CC2400• Follow connections according to hop pattern• Hand off bits to ARM MCU

Encryption

• Provided by link layer• Encrypts and MACs PDU• AES-CCM

Key Exchange Protocol

• Three stage process• 3 pairing methods• Just Works• 6-digit PIN• OOB

• “None of the pairing methods provide protection against a passive eavesdropper” -Bluetooth Core Spec

Cracking the TK

Using Crackle

Total time to crack: < 1 second

• TK -> STK• STK -> LTK• LTK -> Session keys

• And its passive

LTK Reuse

Let’s just do it...

• Do not believe me without a DeMo...

Required setup

• Bluetooth pairing devices (BLE/BTLE capable)• Ubertooth One• Linux system (Ubuntu/Kali works well)• Ubertooth config• Kismet• Wireshark• Crackle

Prerequisite

prerequisites that Ubuntu needs

Now we need PyUSB

• for add python access to USB ports

PyUSB to be downloaded

bluetooth base band libraries (lib-btbb)• needed for the ubertooth to decode bluetooth packets

install lib-btbb

Install ubertooth tools

• ubertooth basic functionality for spectrum analyzing, bluetooth sniffing and firmware updates

install Ubertooth Basic Tools

install ubertooth-follow tool

• plugin for a linux program

install Ubertooth-follow Toolsinstall Ubertooth-follow Tools

Ubertooth Spectrum Analyzing (before Kismet)• Connect the ubertooth one to your USB port• If you are using a virtual machine, enable it on the Devices/Usb Ports and seek the ubertooth one• Two green LEDs (RST and 1.8V) and the red LED (USB LED) that indicates Ubertooth can communicate via USB port.

Plug Ubertooth to USB

launch the ubertooth spectrum analyzer

Kismet

• Install kismet default• Then ubertooth plugin

Kismet Connection

The final step of the kismet install

Kismet Config

compile and install the kismet plugin to enable kismet capture bluetooth packets

Install Kismet Plugin

launch kismet and configure ubertooth plugin

Launch Kismet for Ubertooth Plugin

install wireshark with wireshark bluetooth baseband plugin for the file captured by kismet to be analyzed.

Install Wireshark BTBB plugin

and finally we can open pcapbtbb files

Open captured pcapBTBB file

Decrypt Bluetooth packets

• Crackle

Handle pcap file to crackleisaias@ubuntu:~/crackle-sample# crackle -i ltk_exchange.pcap -o decrypted.pcapTK found: 000000ding ding ding, using a TK of 0! Just Cracks(tm)Warning: packet is too short to be encrypted (1), skippingLTK found: 7f62c053f104a5bbe68b1d896a2ed49cDone, processed 712 total packets, decrypted 3

To listen in on future communications between the two devices : using LTK captured

isaias@ubuntu:~/crackle-sample# crackle -i encrypted_known_ltk.pcap -o decrypted2.pcap -l 7f62c053f104a5bbe68b1d896a2ed49cWarning: packet is too short to be encrypted (1), skippingWarning: packet is too short to be encrypted (2), skippingWarning: could not decrypt packet! Copying as is..Warning: could not decrypt packet! Copying as is..Warning: could not decrypt packet! Copying as is..Warning: invalid packet (length to long), skippingDone, processed 297 total packets, decrypted 7

On the goOn the go

References

• http://ubertooth.sourceforge.net/ • https://github.com/greatscottgadgets/ubertooth/ • https://www.kismetwireless.net/ • http://tools.kali.org/wireless-attacks/crackle • http://www.nist.gov/customcf/get_pdf.cfm?pub_id=911133

http://ubertooth.sourceforge.net/



https://github.com/greatscottgadgets/ubertooth/

https://github.com/greatscottgadgets/ubertooth/

https://www.kismetwireless.net/



http://tools.kali.org/wireless-attacks/crackle

http://tools.kali.org/wireless-attacks/crackle

http://www.nist.gov/customcf/get_pdf.cfm?pub_id=911133

http://www.nist.gov/customcf/get_pdf.cfm?pub_id=911133

Thank you all, and Special thanks to…• Philips and team• Minatee Mishra• Anirudh Duggal• Sanjog Panda• Pardhiv Reddy• Ajay Pratap Singh• Geethu Arvind

Questions? Apart from...

bluetooth [in]security

Devices & Hardware