Bluetooth current security system and attack analysis sweat proof headphones

Security Mechanism
(1) Using FHSS technology, the Bluetooth communication can resist the interference of similar electromagnetic waves:
(2) Use encryption technology to provide data confidentiality services;
(3) Use an identity authentication mechanism to ensure data transmission between reliable communication entities. www.bjbjaudio.com

safe mode
The Bluetooth specification defines 3 security modes that encompass device functions and applications:
(1) Not safe. Information security management is not employed and security protection and processing are not performed. It is not authenticated by link layer security functions.
(2) Business security. The Bluetooth device adopts information security management and performs security protection and processing. This security mechanism is established in the Logical Link Control and Adaptation Protocol (L2CAP) and the above protocols. This mode can define security levels for devices and services.
(3) Link layer security. Bluetooth devices use information security management and perform security protection and processing. This security mechanism is built into the chip and link management protocol (LMP). www.bjbjaudio.com

Attack Analysis
Authentication attack
Authentication is based on the sharing of public link keys between devices. If the link key is the default key, then every communication depends on the PIN PIN is a 4-digit number, making the key space only 10,000 values ​​​​at most, and it is easy for an attacker to crack the PIN using exhaustive methods. If the link The key is generated by the device key, then the attacker can use the obtained PIN to impersonate the attack. In the scheme using the device key as the link key , suppose that device A communicates with device B and then communicates with device C, assuming that A and C use A's device key, and that both A and B use the same key , then all three devices use the same key and can impersonate each other . www.bjbjaudio.com

encryption attack
This attack is based on a PIN flaw. In the process of establishing the link key, the network intruder first intercepts the data packets in the first handshake process, in order to calculate various parameters including the link key, so as to carry out a brute force attack on the PIN. Another attack is the use of encryption algorithms. The link-level encryption algorithm adopts the stream cipher series algorithms E0E1, E21E22 and E3. This algorithm encryption is not only fast, but also easy to implement in hardware. www .bjbjaudio.com

communication attack
Communication attacks are also known as "impersonation". This attack first scans and records the valid user's Mobile Identificatior number (MIN) and Electronic Series Number (ESN). Suspect users. In the Bluetooth specification, there are three places in the data frame to be edited. Using these modified and forged data frames, the attacker pretends to be the user's ID and makes a request. Use code scramblers to mess up user and network communications or retransmit previous session frames in a relay way to destroy the victim's important data. www.bjbjaudio.com  

frequency hopping attack
Although the frequency hopping (FH) attack scheme is more difficult, the frequency hopping itself has the defect of being vulnerable to attacks. In order to ensure normal communication between the two parties of frequency hopping, accurate clock synchronization is required during frequency hopping, and attackers often attack the frequency hopping clock to achieve the purpose of destroying the communication between the two parties. A 28-bit clock is embedded in a Bluetooth device, and an attacker can use a low-energy laser (LEL) electromagnetic pulse (EMP) to destroy the clock so that it cannot communicate with other devices, but this attack is less likely. The strength, penetrability, omnidirectional propagation of radio waves and the relay of Bluetooth devices expand the range of device communication, and secondary attackers can easily overhear network and communication-related information, including frequency hopping algorithms and related parameters. www.bjbjaudio.com