The BlueBump attack is the Bluetooth equivalent to a very cool
physical security thread called key
bumping. When used correctly, an appropriate bump key can be
used to open any lock in seconds. Since the BlueBump attack is
also about keys (link keys in this case) we named this attack after
The BlueBump attack requires the attacker to be a social engineer.
The way it works is that the attacker establishes a trusted connection
to a certain device. This could be achieved by sending a business
card and forcing the receiver to authenticate (Mode-3-Abuse). The
attacker keeps the connection open and tells the victim to delete
the link key for the attacker's device. The victim is not aware
of the connection that is still active. The attacker now requests
a link-key regeneration. Doing so, the attacker's device gets a
new entry in the list without having to authenticate again. The
attacker is then able to connect to the device at any time as long
as the key is not deleted again.
For questions about the BlueBump attack, feel free to ask Adam
Laurie, Marcel Holtmann
or Martin Herfurt.