Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks

Authors: 

Yue Zhang, College of Information Science and Technology, Jinan University (Department of Computer Science, University of Central Florida); Jian Weng, College of Information Science and Technology, Jinan University; Rajib Dey, Department of Computer Science, University of Central Florida; Yier Jin, Department of Electrical and Computer Engineering, University of Florida; Zhiqiang Lin, Computer Science and Engineering, The Ohio State University; Xinwen Fu, Department of Computer Science, University of Central Florida

Abstract: 

To defeat security threats such as man-in-the-middle (MITM) attacks, Bluetooth Low Energy (BLE) 4.2 and 5.x introduced a Secure Connections Only (SCO) mode, under which a BLE device can only accept secure pairing such as Passkey Entry and Numeric Comparison from an initiator, e.g., an Android mobile. However, the BLE specification does not require the SCO mode for the initiator, and does not specify how the BLE programming framework should implement this mode. In this paper we show that the BLE programming framework of the initiator must properly handle SCO initiation, status management, error handling, and bond management; otherwise severe flaws can be exploited to perform downgrade attacks, forcing the BLE pairing protocols to run in an insecure mode without the user's awareness. To validate our findings, we have tested 18 popular BLE commercial products with 5 Android phones. Our experimental results proved that MITM attacks (caused by downgrading) are possible against all these products. More importantly, due to such system flaws in the BLE programming framework, all BLE apps in Android are subject to our downgrade attacks. To defend against our attacks, we have built a prototype for the SCO mode on Android 8 atop the Android Open Source Project (AOSP). Finally, in addition to Android, we also find that all major OSes including iOS, macOS, Windows, and Linux do not support the SCO mode properly. We have reported the identified BLE pairing vulnerabilities to the Bluetooth Special Interest Group, Google, Apple, Texas Instruments, and Microsoft.
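The abstract's central point is that the initiator's framework, not just the peripheral, has to enforce SCO mode, because the association model a pairing ends up with is derived from the feature exchange with the peer. The following is an added example (not code from the paper or from AOSP) that models the SMP Pairing Request / Pairing Response feature exchange and the association-model selection of the Bluetooth Core specification (Vol 3, Part H, Sec. 2.3.5.1, Table 2.8), then applies a hypothetical initiator-side policy, `sco_decision`, that refuses any pairing that would not be LE Secure Connections with an authenticated association model. The `PairingFeatures` type, the sample initiator and the two constructed peer responses are assumptions of this example; keypress notification, bonding flags and key-size negotiation are left out.

```python
"""Initiator-side Secure Connections Only (SCO) policy check for BLE pairing.

Added example, not the paper's code. It derives the association model from
the IO capability, OOB flag and AuthReq bits of both sides (Core spec
Vol 3, Part H, Table 2.8) and applies a hypothetical SCO policy on the
initiator before any keys are exchanged.
"""
from dataclasses import dataclass
from enum import Enum


class IoCap(Enum):
    DISPLAY_ONLY = 0x00
    DISPLAY_YESNO = 0x01
    KEYBOARD_ONLY = 0x02
    NO_INPUT_NO_OUTPUT = 0x03
    KEYBOARD_DISPLAY = 0x04


# AuthReq bit flags carried in Pairing Request / Pairing Response
MITM = 0x04  # authenticated (MITM-protected) pairing requested
SC = 0x08    # LE Secure Connections supported


@dataclass(frozen=True)
class PairingFeatures:
    io_cap: IoCap
    oob_data: bool   # OOB data flag
    auth_req: int    # AuthReq bitfield


def _io_model(init_io: IoCap, resp_io: IoCap, sc: bool) -> str:
    """IO-capability matrix (initiator row, responder column)."""
    if IoCap.NO_INPUT_NO_OUTPUT in (init_io, resp_io):
        return "Just Works"
    yes_no = {IoCap.DISPLAY_YESNO, IoCap.KEYBOARD_DISPLAY}
    if init_io in yes_no and resp_io in yes_no:
        # Numeric Comparison exists only in LE Secure Connections
        return "Numeric Comparison" if sc else "Just Works"
    display_only = {IoCap.DISPLAY_ONLY, IoCap.DISPLAY_YESNO}
    if init_io in display_only and resp_io in display_only:
        return "Just Works"
    return "Passkey Entry"


def select_association_model(init: PairingFeatures, resp: PairingFeatures):
    """Return (secure_connections, model) as both sides would derive it."""
    sc = bool(init.auth_req & SC) and bool(resp.auth_req & SC)
    if sc and (init.oob_data or resp.oob_data):
        return sc, "OOB"          # LE SC: OOB if either side has OOB data
    if not sc and init.oob_data and resp.oob_data:
        return sc, "OOB"          # legacy: OOB only if both sides have it
    if not (init.auth_req & MITM) and not (resp.auth_req & MITM):
        return sc, "Just Works"   # neither side asked for MITM protection
    return sc, _io_model(init.io_cap, resp.io_cap, sc)


def sco_decision(local: PairingFeatures, peer: PairingFeatures):
    """Hypothetical initiator policy for SCO mode.

    Returns (accepted, detail). A Pairing Response that would steer the
    exchange into legacy pairing or Just Works is rejected up front rather
    than silently accepted, which is the gap the paper describes.
    """
    sc, model = select_association_model(local, peer)
    if not sc:
        return False, "peer negotiated legacy pairing; SCO mode requires LE Secure Connections"
    if model == "Just Works":
        return False, "Just Works is unauthenticated; SCO mode requires Passkey Entry, Numeric Comparison or OOB"
    return True, model


# Constructed sample exchange: an Android-like initiator and two responses.
INITIATOR = PairingFeatures(IoCap.KEYBOARD_DISPLAY, False, MITM | SC)
GENUINE_PEER = PairingFeatures(IoCap.DISPLAY_YESNO, False, MITM | SC)
# A response with SC cleared and no IO capability would, without the
# policy, make both sides settle on legacy Just Works pairing.
DOWNGRADED_PEER = PairingFeatures(IoCap.NO_INPUT_NO_OUTPUT, False, 0)

if __name__ == "__main__":
    for name, peer in (("genuine", GENUINE_PEER), ("downgraded", DOWNGRADED_PEER)):
        print(name, sco_decision(INITIATOR, peer))
```

The decision is taken from the feature exchange alone, so it maps onto the "SCO initiation" and "error handling" parts of the abstract: a framework that only configures its own AuthReq bits but accepts whatever model the exchange yields has no such check, and the pairing completes in an insecure mode without telling the user.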

BibTeX
@inproceedings {255346,
author = {Yue Zhang and Jian Weng and Rajib Dey and Yier Jin and Zhiqiang Lin and Xinwen Fu},
title = {Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks},
booktitle = {29th USENIX Security Symposium (USENIX Security 20)},
year = {2020},
isbn = {978-1-939133-17-5},
pages = {37--54},
url = {https://www.usenix.org/conference/usenixsecurity20/presentation/zhang-yue},
publisher = {USENIX Association},
month = aug
}