Researchers at the Technion’s Hiroshi Fujiwara Cyber Security Research Center and the Technion-Israel Institute of Technology Computer Science Department have successfully deciphered Bluetooth communication. Previously, Bluetooth was used as a safe communication channel to avoid breaches. The research was carried out by Lior Neumann as part of his master’s thesis, under the supervision of Prof. Eli Biham, head of the Hiroshi Fujiwara Cyber Security Research Center. According to Prof. Biham’s findings, the technology developed by the researchers exposes a vulnerability in all of the latest Bluetooth versions. It revealed the encryption key shared by the devices and allowed a third device, or even the researchers, to eavesdrop on the conversation.
Technology Reveals Encryption Key Shared by Devices, Allows Joining the Conversation
Bluetooth device pairing relies on elliptic-curve cryptography (ECC). During pairing, the devices use points on an elliptic curve, which is a mathematical structure, to determine a common secret key on which the encryption is based. The Technion research identified an important point with some special properties that is located outside the curve. It allowed the researchers to work out the result of the calculation without the knowledge of the devices and without being identified as malicious. They were then able to set the encryption key to be used by the two paired components.
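Because the point described above lies outside the curve, a receiving device can detect it by checking that a peer's public key satisfies the curve equation before using it. The following is an added example, not code from the research or from any Bluetooth stack; it assumes the NIST P-256 curve and a 64-byte big-endian X||Y encoding, neither of which is stated on this page, and the sample keys are constructed.

```python
# Added example: reject peer public keys that are not points on the curve.
# Assumption: NIST P-256 domain parameters (the page does not name the curve).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Standard P-256 base point, used here only as a known-good sample key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 + A*x + B (mod P)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def validate_public_key(x, y):
    """Return (ok, reason). Both coordinates are checked together: the
    curve equation ties y to x, so validating x alone is not enough."""
    if not (0 <= x < P and 0 <= y < P):
        return False, "coordinate out of field range"
    if not on_curve(x, y):
        return False, "point is not on the curve"
    # P-256 has cofactor 1, so an on-curve affine point has the full order.
    return True, "ok"


def parse_and_validate(raw):
    """Parse X||Y (assumed encoding: 32 bytes each, big-endian).
    Returns (x, y) for a valid key, None otherwise."""
    if len(raw) != 64:
        return None
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    ok, _ = validate_public_key(x, y)
    return (x, y) if ok else None


# Constructed sample keys: one genuine point, its negation, one with y altered.
SAMPLES = {
    "valid": (GX, GY),
    "valid_negated": (GX, P - GY),
    "y_altered": (GX, GY + 1),
}

if __name__ == "__main__":
    for name, (x, y) in SAMPLES.items():
        print(name, validate_public_key(x, y))
```

A device that runs this check on every received key, and aborts pairing when it fails, never performs the shared-secret calculation on an off-curve point.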
The attack developed in the research applies to the OS and hardware of both devices, and endangers the latest editions of the international standard. The researchers reported the breach they discovered to the Bluetooth SIG and to Carnegie Mellon University’s CERT Coordination Center.