DocumentCode
3264444
Title
Implementing an Attack on Bluetooth 2.1+ Secure Simple Pairing in Passkey Entry Mode
Author
Barnickel, Johannes ; Wang, Jian ; Meyer, Ulrike
Author_Institution
IT Security Res. Group, RWTH Aachen Univ., Aachen, Germany
fYear
2012
fDate
25-27 June 2012
Firstpage
17
Lastpage
24
Abstract
Due to the serious security issues found in early Bluetooth revisions, Bluetooth revision 2.1 (and later) uses a new pairing process called Secure Simple Pairing (SSP). SSP allows two devices to establish a link key based on a Diffie-Hellman key agreement and supports four methods to authenticate the key agreement. One of these methods is called the Passkey Entry method, which uses a PIN entered on one or both devices. The Passkey Entry method has been shown to leak this PIN to any attacker eavesdropping on the first part of the pairing process. If, in addition, the attacker can prevent the pairing process from completing successfully and the user uses the same PIN twice (or a fixed PIN is used), the attacker can mount a man-in-the-middle attack on a new run of the pairing process. In this paper, we explore the practicality of this attack and show that it should be taken very seriously. Lacking devices with a reasonably programmable Bluetooth stack to implement the attack upon, we created Bluetrial: our own implementation of the relevant Bluetooth parts using the GNU Radio platform on USRP and USRP2 devices.
Keywords
Bluetooth; security of data; Bluetooth 2.1; Bluetrial; Diffie-Hellman key agreement; GNU radio platform; SSP; USRP2 devices; man-in-the-middle attack; pairing process; passkey entry mode; secure simple pairing; Conferences; Privacy; Security; attack; bluetooth; fix pin; fixed pin; gnu radio; man in the middle; passkey entry; pin reuse; secure simple pairing; software defined radio; usrp; wireless security;
fLanguage
English
Publisher
ieee
Conference_Titel
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location
Liverpool
Print_ISBN
978-1-4673-2172-3
Type
conf
DOI
10.1109/TrustCom.2012.182
Filename
6295953