Breaking the Bluetooth Pairing – The Fixed Coordinate Invalid Curve Attack

Bluetooth is a widely deployed standard for wireless communications between mobile devices. It uses authenticated Elliptic Curve Diffie-Hellman for its key exchange. In this paper we show that the authentication provided by the Bluetooth pairing protocols is insufficient and does not provide the promised MitM protection. We present a new attack that modifies the y-coordinates of the public keys (while preserving the x-coordinates). The attack compromises the encryption keys of all of the current Bluetooth authenticated pairing protocols, provided both paired devices are vulnerable. Specifically, it successfully compromises the encryption keys of 50% of the Bluetooth pairing attempts, while in the other 50% the pairing of the victims is terminated. The affected vendors have been informed and patched their products accordingly, and the Bluetooth specification had been modified to address the new attack. We named our new attack the “Fixed Coordinate Invalid Curve Attack”. Unlike the well known “Invalid Curve Attack” of Biehl et. al. which recovers the private key by sending multiple specially crafted points to the victim, our attack is a MitM attack which modifies the public keys in a way that lets the attacker deduce the shared secret

Securing Internet-of-Things Devices

Smart home devices, also known as the Internet of Things (IoT) devices, are utilized more and more each day. As these devices grow in popularity, users connect to personal and private networks with devices that were unheard of ten years ago. The problem examined in this study is the security posture of IoT devices. Attackers are finding it relatively easy to access data on personal IoT devices. As the researcher, I examined the vulnerability of various types of IoT devices. IoT has allowed the public to take devices with them, creating a larger footprint, opening multiple attack vectors to exploit the data we produce daily. Ideally, these devices should be secure out of the box, so that users can trust the devices they have connected. Smart home technologies allow both autonomous and managed connections to a variety of network-connected devices. Using the penetration-testing framework known as the Information Systems Security Assessment Framework, the vulnerabilities present on these devices were examined. Kali Linux provided the best platform when trying to breach the IoT devices. Utilizing Kali Linux, I was able to breach more devices than using ParrotOS or Commando VM. Of the different types of IoT devices examined in this study, Kasa was the most susceptible to a breach. I was able to determine the IP address and hostnames of all 15 devices. On 47% (7 of 15) of the IoT devices, I was able to obtain the location of the rooms these devices were in. On 80% (12 of 15) of the IoT devices, I was able to render them useless with a DoS attack. This study will contribute to the overall body of knowledge specific to the security and vulnerability of IoT devices and provide information for users who are likely to utilize them