Paper 2013/309
Bypassing Passkey Authentication in Bluetooth Low Energy
Tomas Rosa
Abstract
This memo describes new cryptographic weakness of the passkey-based pairing of Bluetooth Low Energy (also known as Bluetooth Smart). The vulnerability discussed here extends the set of possible attacking scenarios that were already elaborated before by Mike Ryan at Shmoocon 2013. Instead of the passive sniffing attack on pairing secrets, we show how an active fraudulent Responder can gracefully bypass passkey authentication, despite it being possibly based on even one-time generated PIN.
Note: Improved formatting and some typos were corrected.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Unknown status
- Keywords
- Bluetooth Low Energy Authentication
- Contact author(s)
- tomas rosa96 @ gmail com
- History
- 2014-04-23: revised
- 2013-05-25: received
- See all versions
- Short URL
- https://ia.cr/2013/309
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2013/309, author = {Tomas Rosa}, title = {Bypassing Passkey Authentication in Bluetooth Low Energy}, howpublished = {Cryptology {ePrint} Archive, Paper 2013/309}, year = {2013}, url = {https://eprint.iacr.org/2013/309} }