[ad_1]
Researchers from Hiroshi Fujiwara's Technion-Israel Institute of Technology and Hiroshi Fujiwara Cyber Security Research Center at the Technion have successfully deciphered Bluetooth communication, which was previously considered a safe channel of communication against violations. This was done as part of Lior Neumann's master's thesis, supervised by Professor Eli Biham, head of Hiroshi Fujiwara's Cybersecurity Research Center.
Bluetooth technology, developed in the 1990s, has quickly become a popular platform due to its ease of use. Unlike Wi-Fi, Bluetooth is not based on a network linking multiple devices to each other, but rather on the individual pairing of two devices (eg a headset and a phone). This method allows for convenient use and configuration and facilitates communication between devices.
When using a Bluetooth headset, for example, the user must confirm the action on his phone. A connection is then established between the headset and the telephone: an encrypted channel is formed between the two devices. Over the years, Bluetooth technology has been developed and extended to the latest encryption technologies. For this reason, this technology was widely considered immune to attacks. And thanks to its simplicity and low cost, Bluetooth technology is present in almost all consumer devices such as portable equipment, car speakers, smart TVs, smart clocks, keyboards and more. computers. It also supports Internet connections, printers and faxes.
After a year of theoretical and experimental work, Neumann and Professor Biham have developed an offensive that exposes a vulnerability in all the latest versions of Bluetooth. According to Professor Biham, who is considered one of the world's foremost cryptography researchers, "the technology we have developed reveals the encryption key shared by the devices and allows us, or a third device, to join the conversation, listen to or sabotage a conversation As long as we do not actively participate, the user has no way of knowing that there is a third party listening. "
The coupling of Bluetooth devices uses a mathematical concept called ECC: elliptic curve cryptography. At pairing, Bluetooth devices use points on a mathematical structure called the elliptic curve to determine a common secret key on which encryption is based. The Technion researchers have found a point with special properties located off the curve, which allows them to determine the result of the calculation without being identified as malicious by the device. Using this point, they set the encryption key that will be used by the two coupled components
The offensive developed by Neumann and Professor Biham is relevant to both aspects of Bluetooth technology – the hardware (chip) and the operating system (such as Android or iOS) in both devices (the headset and the phone in the case of the example above) – and threat the latest versions of the international standard. The Technion researchers contacted the CERT Coordination Center at Carnegie Mellon University and Bluetooth SIG and informed them of the violation they had discovered. "We have also contacted major international companies such as Intel, Google, Apple, Qualcomm and Broadcom, which hold most of the relevant market, and informed them of the breach and ways to fix it," said Professor Biham. "Google has defined the violation as" severe "and distributed an update about a month ago, Apple released an update this week. Other manufacturers who have heard of the violation have contacted us to check their products. "
Learn more:
First IPhone 4S phone for low power Bluetooth
More information:
More information can be found here: www.cs.technion.ac.il/~biham/BT/
Source link