Maximilian von Tschirschnitz (Technical University of Munich), Ludwig Peuckert (Technical University of Munich), Moritz Buhl (Technical University of Munich), Jens Grossklags (Technical University of Munich)

Previous works have shown that Bluetooth is susceptible to so-called Method Confusion attacks. These attacks manipulate devices into conducting conflicting key establishment methods, leading to compromised keys. An increasing amount of security-sensitive applications, like payment terminals, organizational asset tracking systems and conferencing technologies now rely on the availability of a technology like Bluetooth.
It is thus an urgent goal to find and validate a mitigation to these attacks or to provide an appropriate replacement for Bluetooth without introducing additional requirements
that exclude device or user groups.
Despite recent solution proposals, existing threat models overlook certain attack vectors or dismiss important scenarios and consequently suffer under new variants of Method Confusion.

We first propose an extended threat model that appreciates the root issue of Method Confusion and also considers multiple pairing attempts and one-sided pairings as security risks.
Evaluating existing solution proposals with our threat model, we are able to detect known Method Confusion attacks, and identify new vulnerabilities in previous solution proposals.
We demonstrate the viability of these attacks on real-world Bluetooth devices. We further discuss a novel solution approach offering enhanced security, while maintaining compatibility with existing hardware and Bluetooth user behavior.
We conduct a formal security proof of our proposal and implement it on commonplace Bluetooth hardware, positioning it as the currently most promising update proposal for Bluetooth.

View More Papers

Passive Inference Attacks on Split Learning via Adversarial Regularization

Xiaochen Zhu (National University of Singapore & Massachusetts Institute of Technology), Xinjian Luo (National University of Singapore & Mohamed bin Zayed University of Artificial Intelligence), Yuncheng Wu (Renmin University of China), Yangfan Jiang (National University of Singapore), Xiaokui Xiao (National University of Singapore), Beng Chin Ooi (National University of Singapore)

Read More

On the Realism of LiDAR Spoofing Attacks against Autonomous...

Takami Sato (University of California, Irvine), Ryo Suzuki (Keio University), Yuki Hayakawa (Keio University), Kazuma Ikeda (Keio University), Ozora Sako (Keio University), Rokuto Nagata (Keio University), Ryo Yoshida (Keio University), Qi Alfred Chen (University of California, Irvine), Kentaro Yoshioka (Keio University)

Read More

Query Privacy in Data Spaces

Shuwen Liu (School of Data Science, The Chinese University of Hong Kong, Shenzhen, China), George C. Polyzos (School of Data Science, The Chinese University of Hong Kong, Shenzhen, China and ExcID P.C., Athens, Greece)

Read More

Misdirection of Trust: Demystifying the Abuse of Dedicated URL...

Zhibo Zhang (Fudan University), Lei Zhang (Fudan University), Zhangyue Zhang (Fudan University), Geng Hong (Fudan University), Yuan Zhang (Fudan University), Min Yang (Fudan University)

Read More