Glider from the game of Life, rising from the left




Topic: #Bluetooth

Bluetooth Is Broken


When Bluetooth devices are paired, each side generates an encryption keypair in which the public key is a more-or-less randomly selected point on an agreed-upon elliptic curve in the Euclidean plane. They exchange public keys, and then each side computes a session key by performing an arithmetic operation on its own private key and the other side's public key. The mathematical basis for the encryption system guarantees that the two computations have the same result even though they reach it in different ways. Eavesdroppers cannot infer the session key because they don't have either of the private keys. However, the Bluetooth protocol doesn't authenticate both coordinates of the selected points, only the x-coordinates. This enables a “man in the middle” to insert a zero y-coordinate in place of the y-coordinate in a Bluetooth device's public key. The resulting point doesn't even lie on the agreed-upon elliptic curve, but it does lie on a curve that differs from the one actually used only by a vertical translation, and in fact lies at a point of order two on that curve, where two solutions to the curve's equation coincide. It turns out that Bluetooth can be induced to accept the attacker's bogus public key as valid half the time. When the attack works, it enables the attacker to derive a session key and then passively decrypt subsequent exchanges or forge messages from the device. When it doesn't work, the pairing attempt simply fails. The legitimate Bluetooth device doesn't get a secure connection in either case. Anyone within wireless range (which varies from ten to a hundred meters, depending on the capabilities of the Bluetooth devices) who happens to know when pairing is being attempted can mount such an attack.

“Breaking the Bluetooth Pairing — Fixed Coordinate Invalid Curve Attack”
Eli Biham and Lior Neumann, Technion, July 25, 2018

“Bluetooth Security: Flaw Could Allow Nearby Attacker to Grab Your Private Data”
Liam Tung, ZDNet, July 24, 2018

#Bluetooth #security #key-exchange

Hashtag index

This work is licensed under a Creative Commons Attribution-ShareAlike License.

Atom feed

John David Stone (

created June 1, 2014 · last revised December 10, 2018