Bluetooth is a widely deployed platform for wireless communication between mobile devices. Unlike WiFi, it is not based on a network connecting many devices, but on a pairing between two specific devices, e.g. a phone and earphones. This method makes the pairing convenient to use and secures the communication.

Researchers from the Technion – Israel Institute of Technology have succeeded in deciphering Bluetooth communication, which until now had been considered a secure communication channel.

For example, when we wish to use a Bluetooth hands-free device, we must confirm it on the phone, and that creates the pairing between the two devices, i.e. an encrypted channel. In recent years the encryption technology has advanced, which is why Bluetooth was considered safe. Today it is found in almost every technological device: smart TVs, smartwatches, wearable equipment, etc.

Student Lior Neumann and Prof. Eli Biham, Head of the cybersecurity research center at the Department of Computer Science at the Technion, have developed an attack that exposes Bluetooth’s vulnerabilities. Prof. Biham, one of the leading cryptography researchers, said: “The technology we’ve developed discovers the encrypting key that is common to two devices, and enables us or any third device to join the conversation. This way we can eavesdrop on any conversation or hamper it. As long as we do not actively participate, the user is not aware of a third party.”

The attack developed by the researchers is relevant to two aspects of Bluetooth: the hardware (chip) and the operating system (e.g. Android) of the two devices (e.g. earphone and mobile device). In fact, it threatens the most up-to-date versions of the international standard. Through CERT/CC at Carnegie Mellon University and the Bluetooth SIG, the researchers contacted the leading companies in the field and informed them of the vulnerability they had discovered.

According to Prof. Biham, “We contacted giants such as Intel, Google, Apple, Qualcomm and Broadcom, which cover most of the relevant market, told them about the vulnerability and how to fix it. Google defined it as ‘highly severe’ and issued an update a month ago, Apple issued an update this week. Other manufacturers contacted us on their own initiative in order to check their products.”