BlueBump

The BlueBump attack is the Bluetooth equivalent of a very cool physical security technique called key bumping. When used correctly, an appropriate bump key can be used to open any lock in seconds. Since the BlueBump attack is also about keys (link keys in this case), we named this attack after this amazing technique.

Method

The BlueBump attack requires the attacker to be a social engineer. The way it works is that the attacker establishes a trusted connection to a certain device. This could be achieved by sending a business card and forcing the receiver to authenticate (Mode-3-Abuse). The attacker keeps the connection open and tells the victim to delete the link key for the attacker’s device. The victim is not aware that the connection is still active. The attacker now requests a link-key regeneration. In doing so, the attacker’s device gets a new entry in the victim's link-key list without having to authenticate again. The attacker is then able to connect to the device at any time, as long as the key is not deleted again.
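As an added illustration (a constructed model, not trifinite code or any real Bluetooth stack), the following Python keeps the link-key store and the live connection as separate state, which is exactly what the attack relies on; the `disconnect_on_key_delete` flag is an assumed mitigation that tears down the link when its key is deleted, so the attacker would have to pair again and the victim would notice.

```python
class BumpError(Exception):
    pass

class Device:
    def __init__(self, disconnect_on_key_delete):
        # Mitigation toggle (assumption): drop a live link when its key is removed.
        self.disconnect_on_key_delete = disconnect_on_key_delete
        self.link_keys = {}       # peer address -> link key (constructed store)
        self.connections = set()  # peers with an authenticated, still-open link

    def pair(self, peer, key):
        # User-visible pairing step (the business-card trick on the page):
        # key stored and link left open.
        self.link_keys[peer] = key
        self.connections.add(peer)

    def delete_link_key(self, peer):
        # What the victim is talked into doing. The flaw: removing the key
        # does not touch the connection that was authenticated with it.
        self.link_keys.pop(peer, None)
        if self.disconnect_on_key_delete:
            self.connections.discard(peer)

    def regenerate_link_key(self, peer, new_key):
        # Key change over an existing link: allowed for any connected peer,
        # which is exactly the check the attacker still passes.
        if peer not in self.connections:
            raise BumpError("no authenticated link; pairing required")
        self.link_keys[peer] = new_key

    def connect(self, peer, key):
        # Later reconnection succeeds only with the currently stored key.
        if self.link_keys.get(peer) != key:
            raise BumpError("authentication failed")
        self.connections.add(peer)

def run_bluebump(disconnect_on_key_delete):
    """Replay the steps from the Method section; True if the attacker keeps access."""
    victim = Device(disconnect_on_key_delete)
    victim.pair("attacker", "key1")
    victim.delete_link_key("attacker")   # victim believes the attacker is gone
    try:
        victim.regenerate_link_key("attacker", "key2")
        victim.connections.discard("attacker")   # attacker drops the link
        victim.connect("attacker", "key2")        # and comes back later
        return True
    except BumpError:
        return False
```

With the flag off the model reproduces the page's outcome; with it on, the key-regeneration request fails because the link no longer exists.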

People Involved

For questions about the BlueBump attack, feel free to ask Adam Laurie, Marcel Holtmann or Martin Herfurt.
