As described in the article “Analysing Bluetooth”, this wireless technology has several weaknesses that could be exploited by malicious users to compromise systems. Industrial environments that include devices using the Bluetooth protocol as part of their communications could be victims of attacks aimed at exploiting these specific vulnerabilities, namely:
- Sending signals containing specially crafted packets that could disrupt the pairing process and the communications.
- Theft of information, because devices use Bluetooth technology without their owners being aware of it. The latter only applies to devices that use a version of Bluetooth older than 4.2, as from that version onwards no Bluetooth device can be tracked without prior consent.
In order to verify different aspects of the protocol, a series of tests has been carried out using Bluetooth Low Energy (BLE) version 4.0, with the aim of testing the strength of the protocol when all of its security capabilities are applied.
The laboratory environment used for the tests consists of a commercial development kit comprising 3 devices: two evaluation boards that include BLE modules and a USB device that also provides Bluetooth communication.
- Test environment -
These 3 devices can be programmed and configured to cover different requirements. For these tests, the configurations used enable the built-in security measures in the transmissions and capture the traffic in order to check the results.
Furthermore, different tools have been used, from those that capture network traffic (packet sniffer) to tools focused on the protocol and its functionality, such as BTool, or the suite of Bluetooth tools included in the Kali Linux distribution.
To carry out these tests, three devices have been used: one configured as the slave, one as the master, and a third that captures the communication traffic.
Establishment of communication
The establishment of communication between 2 Bluetooth devices consists of an association phase between the two parties of a Bluetooth network (in this case point to point, since only two devices are involved, but multi-point connections with more devices are also possible).
The slave continuously sends advertising signals to announce its presence to any master with which a communication could be established.
- Signalling frames sent by slave -
To establish a communication, the master performs a discovery phase, SDP (Service Discovery Protocol), with the aim of listing all the slave devices within its reach, identified thanks to their signalling frames, so that it can later send a connection establishment packet to those it wants to communicate with.
- Establishment of the master/slave connection -
Using the BTOOL tool it is possible to analyse this establishment phase in detail:
- Establishment of the master/slave connection -
The MAC address of the slave device can be observed both in the captured Bluetooth frame and in BTOOL's interpretation of it. The first request (in green) represents the master trying to establish a connection, to which 2 responses correspond (in blue): the first shows the interaction between the host and the controller in the slave for the request made by the master, while in the second the connection is finally established.
Once the connection has been established the clock is synchronised, and this determines the order of the frequency channel hopping through the L2CAP protocol. Information is then exchanged uninterruptedly, following the Bluetooth specifications, with constant channel hopping. This type of Bluetooth network is called a piconet.
Once a connection is established it can be observed that frequency hopping, characteristic of the Bluetooth protocol, is used in the communication. The hop sequence repeats, so it provides no additional security against an external observer; rather, it improves the use of the transmission band.
After the session has been established, the master and the slave can exchange information. This includes the possibility of reading and writing specific values or addresses in the slave's memory.
- Parameter readings with no security applied -
After the read request (green) in the image there are two responses: the first for the handling of the request, showing that it was carried out correctly, and the second carrying the data, in this case 0x0018.
When a communication channel is established without security, as in this case, the reads and writes performed can be captured easily. As only the identification of the endpoints has been carried out, either of them could have been impersonated and the communication continued.
In order to add an extra level of security, authentication of the parties exchanging information is established through the pairing process. This process ensures that the devices exchanging information are who they claim to be.
- Pairing process -
The pairing process requires the use of a key or PIN (passkey) that must be known beforehand, thereby preventing malicious devices from joining the piconet.
- Option of the Btool tool, "sending of the Passkey" (PIN) -
After exchanging the PIN, the pairing process, which provides authentication of the endpoints, is completed.
- Use of the PIN to improve security when establishing a connection between devices -
The PIN is the only secret used in key generation that is not transferred over the wireless link, since a challenge-response scheme is used to verify that the participant knows the secret key. In the image the PIN can be seen in the request shown by BTOOL, because the tool displays it, but it cannot be found in the capture: that data was never transmitted and therefore cannot be captured.
Thanks to pairing, MitM attacks are avoided, and together with the implementation of a white list of devices this adds a higher level of security to the communication.
However, the pairing process only authenticates the participants; anyone listening to the network traffic can still read it, since it remains unencrypted.
It is possible to encrypt the communications channel through a Long Term Key (LTK). The LTK is a key generated after pairing and known to both the master and the slave once encryption is activated.
- Encrypted communication avoiding possible attackers listening -
Once encryption is active, we have repeated the same data reading test from the previous section. In the following images the differences can be observed between the same Bluetooth transmission with and without encryption.
- Reading WITHOUT encryption activated -
- Reading WITH encryption activated -
The encrypted capture confirms that it is not possible to interpret the captured information. The value 0x0018, the slave's response to the request, does not appear in the encrypted communication either.
With pairing in place there is also the possibility of storing the long term key used to encrypt the communication. This key persists, stored on both devices, master and slave, and is used to set up in advance a communication between the devices whose key will encrypt it, making it possible to exchange encrypted information without having to repeat the previous pairing and authentication steps. The LTK can be used by both devices as long as they retain the stored key and it is not deleted manually.
From the conclusions obtained in the laboratory tests, the following recommendations can be extracted to ensure the security of Bluetooth communications:
- Activate communication encryption whenever possible. The use of the LTK allows the communication between master and slave to be encrypted from the first moment. All devices in a control network that uses Bluetooth should make use of encryption.
- Do not accept connections from unknown devices. Activate the white list option in the master and require pairing with a key of at least 5 characters, thus preventing malicious devices from connecting without permission.
- Continuously review the list of registered trusted devices to prevent malicious devices from appearing on it.
- Assign device names that do not reveal extra information such as the brand, the device model, the location or the service. With this measure it is harder for attackers to exploit vulnerabilities associated with specific devices and carry out targeted attacks.
- Keep the devices configured in non-discoverable (invisible) mode to make them harder to detect from other devices.
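The two reading tests above (the unencrypted read that exposes 0x0018 and the encrypted repeat where the value cannot be found) can be reproduced over a capture with a small decoder. The following is an added example written for this page, not code from the original article or from BTool: it parses the L2CAP/ATT read request and read response PDUs as a sniffer sees them and reports which attribute values an eavesdropper could recover, skipping frames the sniffer flags as encrypted. All byte values, the attribute handle 0x0025 and the "encrypted" flag on each frame are constructed for the illustration.

```python
# Added example (not from the original article): decode the ATT read request/response
# pair a sniffer captures and report which attribute values travel in cleartext.
ATT_CID, ATT_ERROR_RSP, ATT_READ_REQ, ATT_READ_RSP = 0x0004, 0x01, 0x0A, 0x0B
ATT_ERRORS = {0x05: "Insufficient Authentication", 0x0F: "Insufficient Encryption"}

def parse_l2cap(payload: bytes):
    """Split a BLE data PDU payload into (cid, body) using the 4-byte L2CAP header."""
    if len(payload) < 4:
        raise ValueError("truncated L2CAP header")
    length = int.from_bytes(payload[0:2], "little")
    cid = int.from_bytes(payload[2:4], "little")
    body = payload[4:4 + length]
    if len(body) != length:
        raise ValueError("L2CAP length mismatch")
    return cid, body

def decode_att(pdu: bytes) -> dict:
    """Decode the ATT opcodes involved in a value read; anything else is passed through."""
    op = pdu[0]
    if op == ATT_READ_REQ and len(pdu) == 3:
        return {"type": "read_req", "handle": int.from_bytes(pdu[1:3], "little")}
    if op == ATT_READ_RSP:
        return {"type": "read_rsp", "value": int.from_bytes(pdu[1:], "little")}
    if op == ATT_ERROR_RSP and len(pdu) == 5:   # slave refused the read, e.g. needs encryption
        return {"type": "error_rsp", "handle": int.from_bytes(pdu[2:4], "little"),
                "reason": ATT_ERRORS.get(pdu[4], hex(pdu[4]))}
    return {"type": "other", "opcode": op}

def cleartext_reads(frames):
    """frames: (encrypted, payload) tuples in capture order. Returns the (handle, value)
    pairs visible to an eavesdropper; encrypted frames are opaque and skipped."""
    exposed, pending = [], None
    for encrypted, payload in frames:
        if encrypted:                      # link-layer AES-CCM active: only ciphertext + MIC
            continue
        cid, body = parse_l2cap(payload)
        att = decode_att(body) if cid == ATT_CID and body else {"type": "other"}
        if att["type"] == "read_req":
            pending = att["handle"]
        elif att["type"] == "read_rsp" and pending is not None:
            exposed.append((pending, att["value"]))
            pending = None
        else:
            pending = None
    return exposed

# Constructed capture: read of handle 0x0025 answered with 0x0018 before encryption,
# then the same exchange after the LTK is activated (payload shown is made-up ciphertext).
SAMPLE_FRAMES = [(False, bytes.fromhex("030004000a2500")), (False, bytes.fromhex("030004000b1800")),
                 (True, bytes.fromhex("9f4c21e07ab3d5c6a1e0")), (True, bytes.fromhex("53e8a0c47d1b92fe6640"))]
```

Running `cleartext_reads(SAMPLE_FRAMES)` yields only the pre-encryption pair `(0x0025, 0x0018)`; an ATT error response with reason "Insufficient Encryption" in a capture is the sign that the slave enforces the LTK before serving a read.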