Technion Researchers Discover “Severe” Bluetooth Communication Breach

July 25, 2018

Researchers in the Technion’s Computer Science Department and Hiroshi Fujiwara Cyber Security Research Center have successfully deciphered Bluetooth communication, which was previously considered a communication channel secure against breaches. The work was done as part of Lior Neumann’s master’s thesis, supervised by Prof. Eli Biham, head of the Hiroshi Fujiwara Cyber Security Research Center.

Bluetooth technology, developed in the 1990s, quickly became a popular platform thanks to its simplicity of use. Unlike Wi-Fi, Bluetooth is not based on a network connecting several devices to one another but rather on the individual pairing of two devices (e.g. a headset and a telephone). This method allows convenient use and configuration and makes securing communication between devices easier.

When using a Bluetooth headset, for example, the user must confirm the action on his phone. A connection is then established between the headset and the phone: an encrypted channel is formed between the two devices. Over the years, Bluetooth technology has developed and expanded, and has advanced to the latest encryption technologies. For this reason, this technology was widely considered immune to attack. And thanks to its simplicity and low cost, Bluetooth technology is present in almost every technological consumer device such as wearable equipment, car speakers, smart TVs, smart clocks, keyboards, and computers. It also supports Internet connections, printers and faxes.

After a year of theoretical and experimental work, Neumann and Prof. Biham developed an attack that exposes a vulnerability in all the latest versions of Bluetooth. According to Prof. Biham, currently one of the most prominent researchers in cryptography, “The technology we developed reveals the encryption key shared by the devices and allows us, or a third device, to join the conversation. We can eavesdrop on or sabotage a conversation. As long as we do not actively participate, the user has no way of knowing that there is a third party listening in.”

Bluetooth device pairing uses a mathematical concept called ECC: elliptic-curve cryptography. At the moment of pairing, the Bluetooth devices use points on a mathematical structure called an elliptic curve to determine a common secret key on which encryption is based. The Technion researchers found a point with special properties located outside the curve, which allows them to determine the result of the calculation without being identified as malicious by the device. Using that point, they set the encryption key that will be used by the two paired components.

The attack developed by Neumann and Prof. Biham is relevant to both aspects of Bluetooth technology – the hardware (chip) and the operating system (such as Android or iOS) in both devices (the headset and phone in the case of the example above) – and threatens the newest versions of the international standard. The Technion researchers contacted the CERT Coordination Center at Carnegie Mellon University and Bluetooth SIG and informed them of the breach they discovered. “We also contacted major international companies including Intel, Google, Apple, Qualcomm, and Broadcom, which hold most of the relevant market, and informed them about the breach and ways to fix it,” said Prof. Biham. “Google defined the breach as ‘severe’ and distributed an update about a month ago; Apple released an update this week. Other manufacturers who heard about the breach contacted us in order to check their products.”
