Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic

2021-1-10 08:21:08

The complex nature of Bluetooth continues to cause security problems for the low-powered, short-range wireless technology, with academic researchers releasing a parade of new attacks against the technology in the past few months.
On Sept. 9, the Bluetooth Special Interest Group (SIG) issued a statement regarding two papers released by university researchers that described ways of undermining the security of paired Bluetooth devices in specific circumstances. Last month at the Workshop on Offensive Technologies (WOOT) conference, a group of researchers from Purdue University also showed off several weaknesses that could allow attackers to spoof a device that had previously been paired using the Bluetooth Low Energy (BLE) protocol. And in May, researchers presenting at the IEEE Symposium on Security and Privacy showed off a similar attack that abuses a flaw in the specification to allow the impersonation of a paired device.
The complexity of the Bluetooth ecosystem and the large number of implementations have made security hard to achieve, while the rise in easier-to-use Bluetooth auditing tools, such as the InternalBlue open source toolkit, has made it easier for vulnerability researchers to do their work, says Yossi Oren, a senior lecturer at Ben-Gurion University in Israel and a researcher in the school’s Implementation Security Lab.
“It used to be difficult to research Bluetooth because the hardware was closed and tightly controlled,” Oren says. “Recently it’s been getting much easier to hack Bluetooth … [because] you don’t need any customer radio platform or special technical skills.”
The three different attacks — dubbed the Bluetooth Low Energy Spoofing Attack (BLESA), the Bluetooth Impersonation Attacks (BIAS), and BLURtooth — demonstrate that the complexity of ensuring security across the diverse connected-device ecosystem has resulted in many potential implementation problems and, in some cases, specification weaknesses.