January 19, 2022

Technion Researchers Discover “Severe” Bluetooth Communication Breach

Researchers in the Technion’s Computer Science Department and Hiroshi Fujiwara Cyber Security Research Center have successfully deciphered Bluetooth communication — previously considered impenetrable to breaches.

First developed in the 1990s, Bluetooth technology is now all around us, from our car speakers to our keyboards. Unlike Wi-Fi — which connects several devices to each other — Bluetooth pairs two devices together, making it more convenient and secure.

Bluetooth device pairing uses a mathematical concept called ECC: elliptic-curve cryptography. At the moment of coupling, the Bluetooth devices use points on a mathematical structure called an elliptical curve to determine a common secret key on which encryption is based.

Over the years, Bluetooth encryption technology has advanced dramatically and was widely considered immune to attack. But after a year of theoretical and experimental work, Technion student Lior Neumann and Professor Eli Biham, head of the Hiroshi Fujiwara Cyber Security Research Center at the Technion, developed an offensive that exposes a vulnerability in all the latest versions of Bluetooth.

The Technion researchers found a point with special properties located outside the elliptical curve. This determines the result of the calculation — revealing the encryption key shared by two devices paired by Bluetooth. This allows a hacker to eavesdrop on a conversation, without the users knowing a third party is listening in.

The vulnerability affects both aspects of Bluetooth technology: the hardware (chip) and the operating system (such as Android or iOS) in both devices. The Technion researchers contacted the CERT Coordination Center at Carnegie Mellon University, Bluetooth SIG, and major companies that manufacture Bluetooth products to inform them of the breach they discovered, along with ways to fix it.